From bernhard at intevation.de Tue Apr 1 12:12:49 2014
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 1 Apr 2014 12:12:49 +0200
Subject: x.509 and gpg
In-Reply-To: <04b61caf82019df04cf65bee7ee792eb.squirrel@webmail.harte-lyne.ca>
References: <04b61caf82019df04cf65bee7ee792eb.squirrel@webmail.harte-lyne.ca>
Message-ID: <201404011212.53350.bernhard@intevation.de>
Hi James,
On Thursday 27 March 2014 at 21:50:16, James B. Byrne wrote:
> However, gpgsm does not seem to want to deal with our certificates and I
> lack the experience or knowledge to determine exactly why. So, I am here
> asking for your assistance to resolve this problem.
>
> I started with a single certificate and key issued to myself and signed by
> our CA:
>
> openssl pkcs12 -export -in 3F.pem -inkey 3F.key -out 3F.p12
>
> I then attempted to import this into my gpg keyring via the command line
> using gpgsm:
>
> gpgsm --import 3F.p12
> gpgsm[5321]: can't connect to `/home/byrnejb/.gnupg/S.gpg-agent': No such
> file or directory
> I gather from the first line of error that I should be running gpg-agent.
Yes, you should run gpg-agent. It is also recommended when using OpenPGP.
Gpg-agent is the component dealing with the private certificates (that
includes access to the (private) key material). It can also cache parts of
this.
Under some circumstances gpg-agent is started automatically, but because
you may access gnupg/gpgsm functions from several applications/terminals,
it makes a lot of sense to start it early.
> I have read how to start this for command line sessions but I am hesitant
> to do so before getting some expert help. The session manager I am using
> for this is gnome-terminal running from a non-privileged gnome desktop
> manager (gnome-desktop.x86_64-2.28.2). Should I start this from
> .bash_profile, which would imply that a new gpg-agent would be started for
> each new session window? or as some have suggested, start it from
> .Xsession? or perhaps gpg-agent should not be started at all and I should
> use some option on gpgsm to avoid the need for gpg-agent.
info gnupg2
section Invoking GPG-AGENT
is your friend. :)
> In any case, I am also trying to determine how to load our CA root and CA
> issuer certificates or at least make them known to gpg/gpgsm as this seems
> necessary given what I have read in the man pages.
See http://wiki.gnupg.org/X.509, I've linked my root certificate guide
from there.
Let me know how it works out for you!
Bernhard
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From byrnejb at harte-lyne.ca Tue Apr 1 17:03:56 2014
From: byrnejb at harte-lyne.ca (James B. Byrne)
Date: Tue, 1 Apr 2014 11:03:56 -0400
Subject: x.509 and gpg
In-Reply-To: <201404011212.53350.bernhard@intevation.de>
References: <04b61caf82019df04cf65bee7ee792eb.squirrel@webmail.harte-lyne.ca>
<201404011212.53350.bernhard@intevation.de>
Message-ID: <4b9da5d7e60c40b337f117c927e50646.squirrel@webmail.harte-lyne.ca>
On Tue, April 1, 2014 06:12, Bernhard Reiter wrote:
> Hi James,
>
. . .
>
> See http://wiki.gnupg.org/X.509, I've linked by root certificate guide
> from there.
>
> Let me know how it works out for you!
> Bernhard
Thank you. I have put the issue aside for now as yours is the first response
I have received and I was unable to make much progress on my own. I will
review the material you refer to and will indeed report on any progress or
difficulties I encounter.
Regards,
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
From postpics123 at gmail.com Tue Apr 1 11:20:53 2014
From: postpics123 at gmail.com (------ ------)
Date: Tue, 1 Apr 2014 11:20:53 +0200
Subject: post-quantum computing in GnuPG
Message-ID:
Hi, is there any plan to include post-quantum cryptography ciphers such as
McEliece and NTRU in GnuPG?
I know that NTRU is patented until 2020, but I found some C
implementations. It says that by modifying the code it is possible to have it
patent-free in 2017.
http://goo.gl/cQGavW
This is the official implementation by Security Innovation.
http://goo.gl/J6Adjw
In any case there is McEliece.
Thanks.
From rjh at sixdemonbag.org Wed Apr 2 01:43:09 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 01 Apr 2014 19:43:09 -0400
Subject: post-quantum computing in GnuPG
In-Reply-To:
References:
Message-ID: <533B4F0D.90901@sixdemonbag.org>
> Hi, is there any plan to include post-quantum cryptography ciphers such
> as McEliece and NTRU in GnuPG?
I am not a GnuPG developer: they will have the official word.
Unofficially, no. GnuPG tracks the RFCs published by the IETF Working
Group. If you want to see this, make a case for it to the WG and get
algorithm numbers, etc., assigned. Then implement it as a patch to a
GnuPG tree and let people beat on it for a while. If it survives,
you've got an excellent chance of getting it adopted into GnuPG.
I know, I know -- "I didn't mean 'how do *I* implement it,' I meant 'are
*you* going to implement it.'" And the answer there is probably not,
not unless someone like you gets the ball rolling in the above fashion.
From gnupg at tim.thechases.com Wed Apr 2 03:01:28 2014
From: gnupg at tim.thechases.com (Tim Chase)
Date: Tue, 1 Apr 2014 20:01:28 -0500
Subject: Encrypted file-size approximation with multiple recipients
Message-ID: <20140401200128.46b62b28@bigbox.christie.dr>
I've been trying to find a good explanation on how something like
gpg -r DEADBEEF -r CAFEBABE -r 8BADFOOD -o output.gpg -e input.txt
works. The best I've been able to find is this:
http://lists.gnupg.org/pipermail/gnupg-users/2007-October/031938.html
I'm mostly interested in the overhead, so I set up 4 distinct
homedirs for testing. It looks like each additional recipient adds
about 271 bytes (though one of them only has an extra 270 bytes), and
there's a per-file overhead of about 66 or 67 bytes.
So from my experimentation, the final file-size ends up being
something like
input_file_size + 67 + (271 * recipient_count)
but I'm not sure how much that might change based on conditions I'm
not taking into consideration (all my test GPG users were just
gpg1 at example.com, gpg2 at example.com, etc), all with 2048-bit keys.
Is there a more formal formula that can be used to approximate the
overhead of multi-recipient encryption?
Thanks,
-tkc
From sam.mxracer at gmail.com Wed Apr 2 04:45:17 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Tue, 01 Apr 2014 22:45:17 -0400
Subject: Encrypted file-size approximation with multiple recipients
In-Reply-To: <20140401200128.46b62b28@bigbox.christie.dr>
References: <20140401200128.46b62b28@bigbox.christie.dr>
Message-ID: <184888cc-0718-46f9-8425-33a30d108a3a@email.android.com>
On April 1, 2014 9:01:28 PM EDT, Tim Chase wrote:
>I've been trying to find a good explanation on how something like
>
> gpg -r DEADBEEF -r CAFEBABE -r 8BADFOOD -o output.gpg -e input.txt
>
>works. The best I've been able to find is this:
>
>http://lists.gnupg.org/pipermail/gnupg-users/2007-October/031938.html
>
>I'm mostly interested in the overhead, so I set up 4 distinct
>homedirs for testing. It looks like each additional recipient adds
>about 271 bytes (though one of them only has an extra 270 bytes), and
>there's a per-file overhead of about 66 or 67 bytes.
>
>So from my experimentation, the final file-size ends up being
>something like
>
> input_file_size + 67 + (271 * recipient_count)
>
>but I'm not sure how much that might change based on conditions I'm
>not taking into consideration (all my test GPG users were just
>gpg1 at example.com, gpg2 at example.com, etc), all with 2048-bit keys.
>
>Is there a more formal formula that can be used to approximate the
>overhead of multi-recipient encryption?
>
>Thanks,
>
>-tkc
After reading the gpg man page: different recipients can have different key sizes. Additionally gpg will look at the supported cipher algorithms of all recipients and attempt to choose an algorithm common between them.
That means your calculations aren't accounting for the different key sizes, nor are they accounting for the size of the session key (the session key is for the symmetric algo).
You can go about this one of two ways. You can try to write a program smart enough to account for that, or you can keep it simple.
KISS: assume worst case for every recipient and then do the math. e.g. 4096 bit rsa keys with AES256 cipher algo for the session key (assuming AES256 has the largest session key).
At least that's how I would tackle it.
SAM
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
From dshaw at jabberwocky.com Wed Apr 2 06:37:22 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 2 Apr 2014 00:37:22 -0400
Subject: Encrypted file-size approximation with multiple recipients
In-Reply-To: <20140401200128.46b62b28@bigbox.christie.dr>
References: <20140401200128.46b62b28@bigbox.christie.dr>
Message-ID: <015D1F30-1587-470E-860B-DDFC899BECF3@jabberwocky.com>
On Apr 1, 2014, at 9:01 PM, Tim Chase wrote:
> I've been trying to find a good explanation on how something like
>
> gpg -r DEADBEEF -r CAFEBABE -r 8BADFOOD -o output.gpg -e input.txt
>
> works. The best I've been able to find is this:
>
> http://lists.gnupg.org/pipermail/gnupg-users/2007-October/031938.html
>
> I'm mostly interested in the overhead, so I set up 4 distinct
> homedirs for testing. It looks like each additional recipient adds
> about 271 bytes (though one of them only has an extra 270 bytes), and
> there's a per-file overhead of about 66 or 67 bytes.
>
> So from my experimentation, the final file-size ends up being
> something like
>
> input_file_size + 67 + (271 * recipient_count)
>
> but I'm not sure how much that might change based on conditions I'm
> not taking into consideration (all my test GPG users were just
> gpg1 at example.com, gpg2 at example.com, etc), all with 2048-bit keys.
This can change pretty significantly given different key lengths, different algorithms, and perhaps most significantly, how compressible the original document is (by default GPG compresses data before encryption). An input file of text will compress very differently than an input file that's a jpeg (as jpegs are already compressed, and so do not benefit much from a second layer of compression).
> Is there a more formal formula that can be used to approximate the
> overhead of multi-recipient encryption?
Not really. If you constrain the problem as you have (everyone gets 2048 bit keys, etc), and constrain the input to a particular type of data, you can get a better approximation, but as soon as you open the problem up, the file sizes vary.
David
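An added example (hypothetical helper code, not GnuPG's own) that shows where Tim's roughly 271 bytes per recipient come from: each recipient gets one Public-Key Encrypted Session Key packet (RFC 4880, tag 1) whose size is fixed by the RSA modulus length, so that part of the overhead is predictable even though, as David notes, the compressed payload is not. The key ids and "ciphertext" integers are constructed.

```python
# Added example (hypothetical helper code, not from GnuPG): build and parse
# OpenPGP PKESK packets to see why each RSA recipient costs a fixed number of
# bytes. Key ids and ciphertext integers below are constructed, not real.


def new_format_header(tag: int, body_len: int) -> bytes:
    """RFC 4880 4.2.2 new-format header: 0xC0|tag, then a 1-, 2- or 5-octet length."""
    first = 0xC0 | tag
    if body_len < 192:
        return bytes([first, body_len])
    if body_len < 8384:
        n = body_len - 192
        return bytes([first, 192 + (n >> 8), n & 0xFF])
    return bytes([first, 0xFF]) + body_len.to_bytes(4, "big")


def mpi_encode(value: int) -> bytes:
    """RFC 4880 3.2 MPI: 2-octet bit count, then the value's minimal big-endian bytes."""
    nbits = value.bit_length()
    return nbits.to_bytes(2, "big") + value.to_bytes((nbits + 7) // 8, "big")


def build_pkesk(key_id: bytes, rsa_ciphertext: int) -> bytes:
    """Version 3 PKESK (tag 1) for RSA (algorithm id 1): version octet, 8-octet
    key id, algorithm octet, and the encrypted session key as a single MPI."""
    if len(key_id) != 8:
        raise ValueError("OpenPGP key ids are 8 octets")
    body = b"\x03" + key_id + b"\x01" + mpi_encode(rsa_ciphertext)
    return new_format_header(1, len(body)) + body


def expected_pkesk_size(modulus_bits: int) -> int:
    """Bytes one RSA recipient adds when the ciphertext uses every byte of the
    modulus. For 2048-bit keys this is 271; a ciphertext whose top byte happens
    to be zero (about 1 in 256) is one byte shorter, matching the 270 Tim saw."""
    body = 1 + 8 + 1 + 2 + (modulus_bits + 7) // 8
    return len(new_format_header(1, body)) + body


def parse_packets(data: bytes) -> list:
    """Walk concatenated OpenPGP packets (old- and new-format headers) and return
    (tag, header_len, body_len) per packet, so a real output file can be audited
    with the same function. Partial and indeterminate lengths are rejected."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if ctb & 0x40:  # new format
            tag, b1 = ctb & 0x3F, data[i + 1]
            if b1 < 192:
                blen, hlen = b1, 2
            elif b1 < 224:
                blen, hlen = ((b1 - 192) << 8) + data[i + 2] + 192, 3
            elif b1 == 255:
                blen, hlen = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body length not supported")
        else:  # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            hlen = (2, 3, 5)[ltype]
            blen = int.from_bytes(data[i + 1:i + hlen], "big")
        if i + hlen + blen > len(data):
            raise ValueError("truncated packet at offset %d" % i)
        packets.append((tag, hlen, blen))
        i += hlen + blen
    return packets


def recipient_overhead(message: bytes) -> int:
    """Total bytes spent on PKESK packets, i.e. the multi-recipient overhead."""
    return sum(h + b for tag, h, b in parse_packets(message) if tag == 1)
```

Running `parse_packets` over a real `output.gpg` (binary, not ASCII-armored) lists one tag-1 packet per recipient followed by the encrypted data packet, which is where the compression-dependent part lives.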
From johanw at vulcan.xs4all.nl Wed Apr 2 07:33:32 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Wed, 02 Apr 2014 07:33:32 +0200
Subject: post-quantum computing in GnuPG
In-Reply-To: <533B4F0D.90901@sixdemonbag.org>
References:
<533B4F0D.90901@sixdemonbag.org>
Message-ID: <533BA12C.8020507@vulcan.xs4all.nl>
On 02-04-2014 1:43, Robert J. Hansen wrote:
> I know, I know -- "I didn't mean 'how do *I* implement it,' I meant 'are
> *you* going to implement it.'" And the answer there is probably not,
> not unless someone like you gets the ball rolling in the above fashion.
Or someone builds a working quantum computer with many bits and
demonstrates a working decryption of RSA-2048 in a few seconds. :-)
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From rjh at sixdemonbag.org Wed Apr 2 08:50:19 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 02 Apr 2014 02:50:19 -0400
Subject: post-quantum computing in GnuPG
In-Reply-To: <533BA12C.8020507@vulcan.xs4all.nl>
References:
<533B4F0D.90901@sixdemonbag.org> <533BA12C.8020507@vulcan.xs4all.nl>
Message-ID: <533BB32B.2030605@sixdemonbag.org>
> Or someone builds a working quantum computer with many bits and
> demonstrate a working decryption of RSA-2048 in a few seconds. :-)
Well, you'd need 4096 qubits in the ensemble, representing a state space
of something like 10^1233 (not a typo).
At that point I'm going to just give up and offer my services to our new
Space Overlords from Zarbnulax Prime. Maybe if I help round up pesky
humans they'll give me a ride in their FTL spaceships!
:)
From bw at norbl.com Wed Apr 2 10:02:24 2014
From: bw at norbl.com (Barnet Wagman)
Date: Wed, 02 Apr 2014 01:02:24 -0700
Subject: How does gnupg create keys?
Message-ID: <533BC410.9090609@norbl.com>
I'd like to know something about how gnupg creates keys (for symmetric
encryption). I'm not looking for details, just an overview of how it's
done. Does anyone know of any documentation on this? I haven't found
any yet.
thanks
From cwal989 at comcast.net Wed Apr 2 10:54:51 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Wed, 02 Apr 2014 04:54:51 -0400
Subject: post-quantum computing in GnuPG
In-Reply-To: <533BB32B.2030605@sixdemonbag.org>
References:
<533B4F0D.90901@sixdemonbag.org> <533BA12C.8020507@vulcan.xs4all.nl>
<533BB32B.2030605@sixdemonbag.org>
Message-ID: <533BD05B.6080205@comcast.net>
On 4/2/2014 2:50 AM, Robert J. Hansen wrote:
>> Or someone builds a working quantum computer with many bits and
>> demonstrate a working decryption of RSA-2048 in a few seconds. :-)
Not likely in the near term... Maybe in 5000 years or so, but by then I
suspect computing as we know it will be ancient history (actually it *would* be)...
> Well, you'd need 4096 qubits in the ensemble, representing a state space
> of something like 10^1233 (not a typo).
That's a LOT of zeroes. Maybe my initial estimate was off by several dozen
orders of magnitude...
> At that point I'm going to just give up and offer my services to our new
> Space Overlords from Zarbnulax Prime. Maybe if I help round up pesky
> humans they'll give me a ride in their FTL spaceships!
LMAO! I got a good laugh out of this one. Thanks, I needed that...
>
> :)
Chris
From konrad.vrba at gmail.com Wed Apr 2 15:27:59 2014
From: konrad.vrba at gmail.com (Konrad Vrba)
Date: Wed, 2 Apr 2014 15:27:59 +0200
Subject: gpg: NOTE: trustdb not writable
Message-ID:
Hello,
I am using gpg on a system which is mounted read-only. When I do the
following:
echo "hello" | gpg --lock-never --no-verbose -e -s -a -r user at example.com
I get an error:
gpg: NOTE: trustdb not writable
I don't understand why gpg should need write access inside the user home for
normal operation.
Is there a way to stop this error message?
thanks,
Konrad
From gnupg at tim.thechases.com Wed Apr 2 19:07:20 2014
From: gnupg at tim.thechases.com (Tim Chase)
Date: Wed, 2 Apr 2014 12:07:20 -0500
Subject: Encrypted file-size approximation with multiple recipients
In-Reply-To: <015D1F30-1587-470E-860B-DDFC899BECF3@jabberwocky.com>
References: <20140401200128.46b62b28@bigbox.christie.dr>
<015D1F30-1587-470E-860B-DDFC899BECF3@jabberwocky.com>
Message-ID: <20140402120720.3ac7dcf2@bigbox.christie.dr>
On 2014-04-02 00:37, David Shaw wrote:
> This can change pretty significantly given different key lengths,
> different algorithms, and perhaps most significantly, how
> compressible the original document is (by default GPG compresses
> data before encryption). An input file of text will compress very
> differently than an input file that's a jpeg (as jpegs are already
> compressed, and so do not benefit much from a second layer of
> compression).
Thanks both to David & Sam for their replies. While not exact
answers/formulas, they were both quite helpful:
1) I'd missed that GPG conveniently compresses the data before
encrypting which would explain some of the differences I saw.
2) getting a rough worst-case bound (larger RSA keys and algorithm
choice can impact) for per-recipient overhead.
It also helps come to terms with the fact that, in more than half of
my use cases (small plain-text/JSON messages), the multi-recipient
overhead will swamp the size of the actual compressed+encrypted
content. A fact that I can live with, but is nice to know up front.
Given that the recipients are in pre-defined groups would it make
more sense to multi-recipient-encrypt a single unique group-key, and
then encrypt all messages for that group with the given key? I do
see the possibility of a trust-leak where a group member could
decrypt the group key and then provide it to other non-group members,
but if that's the case, the untrustworthy group member could just
decrypt the messages and provide those directly. That's a risk I'm
willing to accept. Since it's wrapped in my program/code, I can
automate the group-key fetching from a UI perspective. I'm mostly
interested in things like regenerating the group key when group
members are removed, or adding additional group members to an
existing key, as well as any "good golly, man, that's idiotic because
of XYZ" warnings it might entail.
Thanks,
-Tim
From vedaal at nym.hush.com Wed Apr 2 19:55:21 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Wed, 02 Apr 2014 13:55:21 -0400
Subject: Using an RSA GnuPG key for RSA ?
Message-ID: <20140402175521.53CD8C0455@smtp.hushmail.com>
Is it possible to generate an RSA key in GnuPG, and then use it (not in GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA messages?
If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA key?
(Is it isolatable by using --list-packets on the key?)
TIA,
vedaal
From wk at gnupg.org Wed Apr 2 22:51:02 2014
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Apr 2014 22:51:02 +0200
Subject: How does gnupg create keys?
In-Reply-To: <533BC410.9090609@norbl.com> (Barnet Wagman's message of "Wed, 02
Apr 2014 01:02:24 -0700")
References: <533BC410.9090609@norbl.com>
Message-ID: <87r45fjw09.fsf@vigenere.g10code.de>
On Wed, 2 Apr 2014 10:02, bw at norbl.com said:
> I'd like to know something about how gnupg creates keys (for symmetric
> encryption). I'm not looking for details, just an overview of how
> it's done. Does anyone know of any documentation on this? I haven't
> found any yet.
The Libgcrypt manual has a description of its architecture [1]. GnuPG
uses Libgcrypt and thus that library is responsible for creating RSA
keys. Libgcrypt is actually code stripped from an older version of
GnuPG, but the basic operation is even the same in the old versions
(i.e. GnuPG <= 1.4).
Shalom-Salam,
Werner
[1] http://gnupg.org/documentation/manuals/gcrypt/Architecture.html
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From ekleog at gmail.com Wed Apr 2 21:14:48 2014
From: ekleog at gmail.com (Leo Gaspard)
Date: Wed, 2 Apr 2014 21:14:48 +0200
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140402175521.53CD8C0455@smtp.hushmail.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
Message-ID: <20140402191448.GC3793@leortable>
On Wed, Apr 02, 2014 at 01:55:21PM -0400, vedaal at nym.hush.com wrote:
> Is it possible to generate an RSA key in GnuPG, and then use it (not in GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA messages?
>
> If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA key?
> (Is it isolatable by using --list-packets on the key?)
>
> TIA,
>
> vedaal
If you are not to use the key in gnupg, why make gnupg generate it in the first
place? Why not use the program with which you'll use the key to generate it? Or,
if the program does not offer this functionality, why not use openssl, which
provides this capability on purpose?
Were you to use the key both for gnupg and other systems, I would understand,
but doing things this way...?
Cheers,
Leo
From florian at florian-wolters.de Thu Apr 3 14:42:05 2014
From: florian at florian-wolters.de (Florian Wolters)
Date: Thu, 3 Apr 2014 14:42:05 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
Message-ID: <20140403124204.GB11096@miraculix.wolters.lan>
Hello,
I bought a Chipdrive SPR 532 (aka Pinpad Pro) to read and write my PGP
RSA Keys on the OpenPGP smartcard V2. The reader is connected to a PC
running Ubuntu Linux 13.10. I passed all that gpg-agent vs.
gnome-keyring manager stuff successfully.
The problem is that I cannot authenticate an SSH login using a smartcard
that I previously wrote the key to (with another smartcard reader). It
fails after I entered the PIN.
The next try to write my PGP key to the card also presented an "operation
failed" error. Does this smartcard reader not work in combination with
4096-bit RSA keys?
I already tried to update the firmware on the device (currently 4.51 or
so) to 5.10 but the update program also fails with an error message
saying nothing about the reason.
Does anyone have this combination up and running and could point me in the
right direction to get this working?
Any help is appreciated. Thanks for reading.
Florian
From sam.mxracer at gmail.com Thu Apr 3 16:39:28 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Thu, 3 Apr 2014 10:39:28 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140402191448.GC3793@leortable>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
Message-ID:
On Wed, Apr 2, 2014 at 3:14 PM, Leo Gaspard wrote:
> Were you to use the key both for gnupg and other systems, I would
> understand,
> but doing things this way...?
>
I think generally it would be bad practice either way. A compromised
server happens more often than a compromised gpg key. Therefore if a
server gets compromised effectively your gpg private key has been
compromised. It would be best to keep them separate entirely and not reuse
the RSA key pair anywhere else. Treat your gpg private key like your
identity (i.e. social security number) because it really is your
identity... unless you want to go through the hassle of generating a new
key and having your web of trust go through the hassle of resigning it when
your RSA key gets compromised on a server.
openssl tools are simple enough that generating throw away RSA keys is a no
brainer. The same goes for most applications that support RSA keys.
SAM
From timprepscius at gmail.com Thu Apr 3 21:06:57 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Thu, 3 Apr 2014 15:06:57 -0400
Subject: checking signature of pgp mime
Message-ID:
Greetings,
So as I said before, I'm working on a PGP-based web mail app:
https://github.com/timprepscius/mv
I am having problems validating the signature of a small percentage of
test cases. However GPG with apple-mail says the signatures check out,
so... I'm obviously doing something incorrectly.
Is there a developer of gpg-apple-mail who could let me know, given a
specific example, what the actual block is which has been signed
(including whitespace/line endings/etc.)? (I think if I could solve
one problematic example, it would enable me to solve the others.)
An example problematic email is this:
http://pastebin.com/raw.php?i=1zm9sdcE
This is the derived block: (I send this into openpgpjs)
http://pastebin.com/raw.php?i=XThs22KR
-tim
From bw at norbl.com Thu Apr 3 23:21:08 2014
From: bw at norbl.com (Barnet Wagman)
Date: Thu, 03 Apr 2014 14:21:08 -0700
Subject: Length for AES256 symmetric encryption passphrase?
Message-ID: <533DD0C4.1080503@norbl.com>
This is a rather naive question, but I haven't found an answer to it. When
doing symmetric encryption with AES256, is there any reason to have a
passphrase that exceeds 32 characters (since that's the length of the
AES key)?
thanks
From sam.mxracer at gmail.com Thu Apr 3 23:27:48 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Thu, 3 Apr 2014 17:27:48 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533DD0C4.1080503@norbl.com>
References: <533DD0C4.1080503@norbl.com>
Message-ID:
You're making the assumption that 32 ASCII characters can produce every
possible binary combination in 256 bits. I don't know how AES handles
password phrases longer than 32 bytes but the key can be stronger I'd
imagine with more random data as the key. I'm simply presuming.
On Thu, Apr 3, 2014 at 5:21 PM, Barnet Wagman wrote:
> This is a rather naive question, but I haven't found an answer to it. When
> doing symmetric encryption with AES256, is there any reason to have a
> passphrase that exceeds 32 characters (since that's the length of the AES
> key)?
>
> thanks
From kristian.fiskerstrand at sumptuouscapital.com Thu Apr 3 23:28:58 2014
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 03 Apr 2014 23:28:58 +0200
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To:
References: <533DD0C4.1080503@norbl.com>
Message-ID: <533DD29A.2090305@sumptuouscapital.com>
On 04/03/2014 11:27 PM, Sam Gleske wrote:
> You're making the assumption that 32 ASCII characters can produce
> every possible binary combination in 256 bits. I don't know how
> AES handles password phrases longer than 32 bytes but the key can
> be stronger I'd imagine with more random data as the key. I'm
> simply presuming.
>
You'd want a key derivation function that produces an output of 32
bytes to use as the actual AES key. But you are indeed correct in the
point that what matters is the amount of entropy provided by the
passphrase.
--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Varitatio delectat
Change pleases
From kloecker at kde.org Fri Apr 4 00:28:34 2014
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 4 Apr 2014 00:28:34 +0200
Subject: checking signature of pgp mime
In-Reply-To:
References:
Message-ID: <2648021.1WqSV7HOOE@thufir.ingo-kloecker.de>
On Thursday 03 April 2014 15:06:57 Tim Prepscius wrote:
> Greetings,
>
> So as I said before, I'm working on a PGP-based web mail app:
> https://github.com/timprepscius/mv
>
> I am having problems validating the signature of a small percentage of
> test cases. However GPG with apple-mail says the signatures
> check out, so... I'm obviously doing something incorrectly.
KMail also says that the signature matches.
Looking at the two pastebins, it seems that you are trying to convert
OpenPGP/MIME-signed messages to RFC 4880-style cleartext signed messages
in order to verify the signatures. This transformation is not always
possible. In this particular case the signed data contains trailing
whitespace. If the sender (or rather his mail client) had followed
RFC 3156, this trailing whitespace wouldn't be there. But it's
there. And that's what's causing the trouble, because the signature of a
cleartext signed message is computed with trailing whitespace removed.
That's why the signature does not match.
You have to verify the signature the way one verifies signed data with a
detached signature.
Regards,
Ingo
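An added example (hypothetical helper code, not from the mv project, openpgpjs or any mail client) that makes Ingo's point concrete: the bytes a PGP/MIME verifier must hash (the MIME part as transmitted, RFC 3156) differ from the bytes a cleartext-signature verifier hashes (trailing whitespace stripped, RFC 4880 7.1) exactly when the part has trailing whitespace. The sample parts are constructed, not the pastebin messages.

```python
# Added example (hypothetical helper code): the two canonical forms that
# decide whether a PGP/MIME part can be verified as a cleartext signature.
import hashlib


def pgp_mime_signed_input(part: str) -> bytes:
    """RFC 3156 section 5: a PGP/MIME signature is a detached signature over the
    entire first body part (its MIME headers and body) with CRLF line endings,
    byte for byte as transmitted. Trailing whitespace is NOT removed here."""
    lines = part.replace("\r\n", "\n").split("\n")
    return "\r\n".join(lines).encode("utf-8")


def cleartext_signed_input(text: str) -> bytes:
    """RFC 4880 section 7.1: for a cleartext-signed message the hash covers the
    text with trailing spaces and tabs stripped from every line, lines joined
    by CRLF. Pushing a MIME part through this path alters every line that had
    trailing whitespace, so the detached signature no longer matches."""
    lines = text.replace("\r\n", "\n").split("\n")
    return "\r\n".join(ln.rstrip(" \t") for ln in lines).encode("utf-8")


def trailing_whitespace_lines(part: str) -> list:
    """1-based numbers of lines ending in a space or tab: the lines a conforming
    RFC 3156 sender should have cleaned before signing, and the ones to show a
    user when explaining why the cleartext conversion cannot work."""
    return [n for n, ln in enumerate(part.replace("\r\n", "\n").split("\n"), 1)
            if ln != ln.rstrip(" \t")]


def digests_agree(part: str) -> bool:
    """True when the cleartext conversion would hash exactly the bytes a proper
    detached verification hashes, i.e. the conversion happens to be safe."""
    mime_digest = hashlib.sha256(pgp_mime_signed_input(part)).digest()
    clear_digest = hashlib.sha256(cleartext_signed_input(part)).digest()
    return mime_digest == clear_digest


# Constructed sample parts (not the messages from the thread).
CLEAN_PART = ("Content-Type: text/plain; charset=us-ascii\r\n"
              "\r\n"
              "Hello, signed world.\r\n"
              "Second line.")
DIRTY_PART = ("Content-Type: text/plain; charset=us-ascii\r\n"
              "\r\n"
              "Hello, signed world.  \r\n"
              "Second line.\t")
```

The robust route Ingo describes is to hand `pgp_mime_signed_input(part)` plus the signature part to a detached-signature verifier and never rewrite the part at all.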
From dougb at dougbarton.us Fri Apr 4 04:54:05 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 03 Apr 2014 19:54:05 -0700
Subject: checking signature of pgp mime
In-Reply-To:
References:
Message-ID: <533E1ECD.1020208@dougbarton.us>
On 04/03/2014 12:06 PM, Tim Prepscius wrote:
> Greetings,
>
> So as I said before, I'm working on a PGP-based web mail app:
> https://github.com/timprepscius/mv
>
> I am having problems validating the signature of a small percentage of
> test cases. However GPG with apple-mail says the signatures check out,
> so... I'm obviously doing something incorrectly.
>
> Is there a developer of gpg-apple-mail who could let me know, given a
> specific example, what the actual block is which has been signed
> (including whitespace/line endings/etc.)? (I think if I could solve
> one problematic example, it would enable me to solve the others.)
>
> An example problematic email is this:
> http://pastebin.com/raw.php?i=1zm9sdcE
>
> This is the derived block: (I send this into openpgpjs)
> http://pastebin.com/raw.php?i=XThs22KR
When dealing with Apple it's not you who is doing things incorrectly
with PGP-MIME messages, it's them. And to make it more exciting, they do
it wrong several different ways. :)
Take a look at https://dougbarton.us/PGP/ppf/index.html, particularly
the ppf_verify script. It has a bunch of exceptional cases on how to
mangle (or un-mangle if you prefer) various formats of PGP-MIME in order
for the signatures to verify.
hope this helps,
Doug
From bw at norbl.com Fri Apr 4 07:45:26 2014
From: bw at norbl.com (Barnet Wagman)
Date: Thu, 03 Apr 2014 22:45:26 -0700
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533DD29A.2090305@sumptuouscapital.com>
References: <533DD0C4.1080503@norbl.com>
<533DD29A.2090305@sumptuouscapital.com>
Message-ID: <533E46F6.4000006@norbl.com>
> You'd want a key derivation function that produces an output of 32
> bytes to use as the actual AES key. But you are indeed correct in the
> point that what matters is the amount of entropy provided by the
> passphrase.
>
How long a passphrase is recommended for generating a 32-byte (AES) key?
I'll probably generate the passkey programmatically, so typing and
human memory are not issues.
From rjh at sixdemonbag.org Fri Apr 4 08:04:14 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 04 Apr 2014 02:04:14 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533DD0C4.1080503@norbl.com>
References: <533DD0C4.1080503@norbl.com>
Message-ID: <533E4B5E.9060107@sixdemonbag.org>
> This is a rather naive question, but I haven't found an answer to it. When
> doing symmetric encryption with AES256, is there any reason to have a
> passphrase that exceeds 32 characters (since that's the length of the
> AES key)?
Yes.
English has about 1.5 bits of entropy per symbol. A 32-character
passphrase could thus be any of about a trillion different things.
That's a 1 followed by 12 zeroes.
A 256-bit keyspace is so huge English can't describe it. It's a 1
followed by 77 zeroes. The difference between the two is sort of like
comparing a lit match to Supernova 1987A. The difference is on that
level of mind-boggling vastness.
Using plain English for the passphrase, a 170-character passphrase is
necessary to provide a full 256 bits of entropy.
From rjh at sixdemonbag.org Fri Apr 4 08:06:02 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 04 Apr 2014 02:06:02 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533E46F6.4000006@norbl.com>
References: <533DD0C4.1080503@norbl.com>
<533DD29A.2090305@sumptuouscapital.com> <533E46F6.4000006@norbl.com>
Message-ID: <533E4BCA.1090704@sixdemonbag.org>
> How long a passphrase is recommended for generating a 32 byte (AES) key?
Depends on how you generate it and how much entropy you want.
For my high-security passphrases I grab 16 bytes (128 bits) from
/dev/urandom and base64-encode it. Works great for me and provides an
excellent security margin.
From sam.mxracer at gmail.com Fri Apr 4 16:46:52 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Fri, 4 Apr 2014 10:46:52 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533E4B5E.9060107@sixdemonbag.org>
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
Message-ID:
On Fri, Apr 4, 2014 at 2:04 AM, Robert J. Hansen wrote:
> Using plain English for the passphrase, a 170-character passphrase is
> necessary to provide a full 256 bits of entropy.
>
Interesting math. However, I believe the OP mentioned they're generating
the password and storing so human readable, i.e. English, isn't an issue.
What would be the recommended length for completely random characters
generated, for example, by a password manager such as keepassx?
SAM
From sam.mxracer at gmail.com Fri Apr 4 16:48:26 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Fri, 4 Apr 2014 10:48:26 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To:
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
Message-ID:
On Fri, Apr 4, 2014 at 10:46 AM, Sam Gleske wrote:
>
> On Fri, Apr 4, 2014 at 2:04 AM, Robert J. Hansen wrote:
>
>> Using plain English for the passphrase, a 170-character passphrase is
>> necessary to provide a full 256 bits of entropy.
>>
>
> Interesting math. However, I believe the OP mentioned they're generating
> the password and storing so human readable, i.e. English, isn't an issue.
> What would be the recommended length for completely random characters
> generated, for example, by a password manager such as keepassx?
>
To clarify and be more specific... if one were using the password as the
symmetric key in the GPG software (libgcrypt)? Or perhaps even just using
openssl tools?
From ekleog at gmail.com Fri Apr 4 18:17:15 2014
From: ekleog at gmail.com (Leo Gaspard)
Date: Fri, 4 Apr 2014 18:17:15 +0200
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140403135618.5F823206E7@smtp.hushmail.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
Message-ID: <20140404161715.GD3793@leortable>
On Thu, Apr 03, 2014 at 09:56:18AM -0400, vedaal at nym.hush.com wrote:
> On Wednesday, April 02, 2014 at 5:41 PM, "Leo Gaspard" wrote:
>
> >If you are not to use the key in gnupg, why make gnupg generate it
> >in the first
> >place? Why not use the program with which you'll use the key to
> >generate it?
>
> =====
>
> Where in the post did you get the idea that I would not?
>
> I trust GnuPG's generation of keys, but prefer not to trust closed source programs generating RSA keys.
> I would like to use my GnuPG RSA key, easily available on keyservers, for other RSA functions.
>
>
> vedaal
(As you didn't answer to list, I'm not cutting. Hope you didn't mean it to be a
private message, but it clearly didn't seem like one.)
Well... I inferred it from "use it (not in GnuPG, but in other systems using RSA
keys)", from your first message.
Anyway, as Sam puts it, you'd be better off not putting your RSA key everywhere.
And... You say you do not trust closed source programs for key generation, but
does that mean you trust them for key usage? Otherwise, you could just as well
throw your key in the dustbin.
What I could propose would be to:
* Make a gpg key, master key, airgapped, etc.
* On each system on which you mean to use cryptography, generate a keypair
using the program with which you are going to use it (or possibly openssl, if
the program does not generate keys).
* Sign the public key of each keypair with your gpg key. As it is not a stricto
sensu PGP key, sign the armored key as a plaintext message, if possible with
a preceding comment explaining what it is to be used for.
* Publish these signatures somewhere easily found.
* If you want to, encrypt the private key with your main key and store it
somewhere safe enough (it's encrypted, after all).
This way, each keypair gets the maximum security it can have: the security of
the application using the private key part. (Actually, if you choose to keep an
encrypted backup, you also need to keep the main key safe, but that's supposed to
be the most protected part of the whole setup, so...)
What do you think about it?
Leo
From rjh at sixdemonbag.org Fri Apr 4 19:10:55 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 04 Apr 2014 10:10:55 -0700
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To:
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
Message-ID: <20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
> Interesting math. However, I believe the OP mentioned they're generating
> the password and storing so human readable, i.e. English, isn't an issue.
> What would be the recommended length for completely random characters
> generated, for example, by a password manager such as keepassx?
Your questions are not clear enough to be answered.
"What would the recommended length for completely random characters
generated, for example, by a password manager such as keepassx? If
one were using the password as the symmetric key in libgcrypt? Or
perhaps even just using openssl tools?"
1. Well, which password managers? Just because a character is
completely random tells me nothing about how much entropy is contained
in each symbol. "TTHTHHTTH" is a completely random sequence
(generated it just now by flipping a fair coin), but it only has one
bit of entropy per symbol. "fBTvC" is a completely non-random
sequence, but it has a lot more entropy per symbol. Without knowing
how a random password is generated I can't answer this.
2. Recommended for what purpose? 256 bits of entropy is wild
overkill for almost all purposes. 128 bits of entropy is generally
speaking plenty.
3. Which toolkit? libgcrypt and openssl are two completely different
toolkits that work in completely different ways, and an answer
appropriate for one might not be appropriate for the other.
4. What is it you really want to know? You already know: AES depends
on having a 32-bit key which can support up to 256 bits of entropy.
You've been told two good metrics for estimating entropy in a
passphrase: 1.5 bits per glyph of English text, 5 bits per glyph of
base-64ed random data.
From sam.mxracer at gmail.com Fri Apr 4 19:20:57 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Fri, 4 Apr 2014 13:20:57 -0400
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
<20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
Message-ID:
On Fri, Apr 4, 2014 at 1:10 PM, Robert J. Hansen wrote:
> 4. What is it you really want to know? You already know: AES depends on
> having a 32-bit key which can support up to 256 bits of entropy. You've
> been told two good metrics for estimating entropy in a passphrase: 1.5 bits
> per glyph of English text, 5 bits per glyph of base-64ed random data.
>
Just to be clear I'm not the OP so you don't accidentally confuse my
question with theirs. My original doesn't serve a purpose because I use
GPG for encrypting my files and leave it up to that and don't normally use
AES directly. My question was merely a curiosity so you can take it for
what it is.
Specifically, I said the password manager was keepassx for password
generation. I realize that GPG and openssl are entirely different.
Perhaps my question was too broad with too many variables to be properly
answered by a single person and should have been broken up into different
parts to appropriate audiences.
From vedaal at nym.hush.com Fri Apr 4 19:32:47 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Fri, 04 Apr 2014 13:32:47 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140404161715.GD3793@leortable>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
<20140404161715.GD3793@leortable>
Message-ID: <20140404173248.43DA2C0455@smtp.hushmail.com>
On Friday, April 04, 2014 at 12:49 PM, "Leo Gaspard" wrote:
On Thu, Apr 03, 2014 at 09:56:18AM -0400, vedaal at nym.hush.com wrote:
> On Wednesday, April 02, 2014 at 5:41 PM, "Leo Gaspard" wrote:
>
> >If you are not to use the key in gnupg, why make gnupg generate it
> >in the first
> >place? Why not use the program with which you'll use the key to
> >generate it?
>
> =====
>
> Where in the post did you get the idea that I would not?
>
> I trust GnuPG's generation of keys, but prefer not to trust closed
source programs generating RSA keys.
> I would like to use my GnuPG RSA key, easily available on
keyservers, for other RSA functions.
>
>
> vedaal
> And... You say you do not trust closed source programs for key
> generation, but does that mean you trust them for key usage?
=====
I trust them to encrypt to my public key, and was planning to work out
a system where I could decrypt on my own without it going through
them.
(they could have my public key, and verify my RSA signature).
[All this is in the theoretical planning stage ;-)
first I would need to be able to isolate my RSA part of my GnuPG key
and see if it can be used with an open source simple RSA program
offline.
That was my original question.]
vedaal
From rpuls at kcore.de Fri Apr 4 18:57:08 2014
From: rpuls at kcore.de (René Puls)
Date: Fri, 4 Apr 2014 18:57:08 +0200
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To:
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
Message-ID: <20140404185708.7785f02b@kcore.de>
On Fri, 4 Apr 2014 10:48:26 -0400 Sam Gleske wrote:
> > What would be the recommended length for
> > completely random characters generated, for example, by a password
> > manager such as keepassx?
> >
>
> To clarify and be more specific... if one were using the password as
> the symmetric key in the GPG software (libcrypt)? Or perhaps even
> just using openssl tools?
I use this formula for my own random passwords:
L = Log(2^N) / Log(E)
L is the suggested length of the password
N is the key size in bits
E is the number of possible characters
For a mixed-case alphanumeric password, E is 62 (2*26 letters plus 10
digits). To create a random password equivalent in strength to a
128-bit key, you need Log(2^128) / Log(62) or about 22 characters. For
a 256-bit key, you need about 43 characters.
If you use a passphrase system like Diceware, take the number of
different words in the word list (7776 for standard Diceware) as E, and
the resulting L as the number of words in your passphrase. So using the
formula above, you need Log(2^128) / Log(7776) or about 10 words for a
128-bit key and about 20 words for a 256-bit key.
Of course, the way you generate, distribute, store, enter and verify
your passwords is probably far more important, so consider this formula
more like an upper bound on useful password lengths. :-)
René (not a mathematician or cryptographer)
From bw at norbl.com Fri Apr 4 20:35:20 2014
From: bw at norbl.com (Barnet Wagman)
Date: Fri, 04 Apr 2014 11:35:20 -0700
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
<20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
Message-ID: <533EFB68.8060805@norbl.com>
To be clear, I want to use gnupg to do symmetric encryption using
AES256. As I understand it, the 'gpg --symmetric ...' command converts a
pass phrase into a key, a 32 byte key in the case of AES256. I /assume/
that this conversion is 'deterministic' since as far as I can tell, the
'gpg --symmetric ...' does not store the key it generates. Correct me if
I'm wrong.
I am trying to decide how long a pass phrase to use. I have not decided
how to generate the pass phrase. Assume that it is pseudo-randomly
chosen from an English language character set.
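Barnet asks above how `gpg --symmetric` turns a passphrase into a 32-byte AES-256 key and whether the conversion is deterministic. The Python below is an added illustration, not code from the thread or from GnuPG: it implements the Iterated and Salted string-to-key function of RFC 4880 section 3.7.1.3, the S2K mode GnuPG uses for passphrase-based symmetric encryption. The result is fully determined by the passphrase, the 8-octet salt and the count octet; GnuPG writes the salt and count (not the key) into the symmetric-key encrypted session key packet, so nothing has to be stored, and a fresh salt means the same passphrase gives a different key for every file. The passphrase and salt are constructed for the example; the count octet 0x60 (65536 octets hashed) is just a sample value, GnuPG picks its own default and `--s2k-count` overrides it.

```python
import hashlib
import os


def s2k_decode_count(coded: int) -> int:
    """RFC 4880 3.7.1.3: one octet encodes how many octets are hashed."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        hash_name: str = "sha256", key_len: int = 32) -> bytes:
    """Iterated and Salted S2K (mode 3): stretch a passphrase into key_len octets.

    Hash context i is preloaded with i zero octets, then fed (salt || passphrase)
    repeatedly until exactly `count` octets have been hashed (at least one full
    copy). The digests are concatenated and truncated to the key length.
    """
    if len(salt) != 8:
        raise ValueError("S2K salt must be 8 octets")
    data = salt + passphrase
    count = max(s2k_decode_count(coded_count), len(data))
    out = b""
    ctx = 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)
        remaining = count
        while remaining > 0:
            chunk = data[:remaining]        # a full copy unless fewer octets are left
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
        ctx += 1
    return out[:key_len]


def derive_aes256_key(passphrase: str, salt: bytes = None, coded_count: int = 0x60):
    """Encryption side: draw a fresh salt, derive the key, return both.

    The salt and count travel with the ciphertext; the key is never stored,
    because the receiver recomputes it from the passphrase."""
    salt = os.urandom(8) if salt is None else salt
    key = s2k_iterated_salted(passphrase.encode("utf-8"), salt, coded_count, "sha256", 32)
    return salt, key


def reference_check(passphrase: bytes, salt: bytes, coded_count: int) -> bool:
    """Cross-check against a plain SHA-256: with a 32-octet key and a 32-octet
    digest only one context is used, so the key must equal SHA-256 over exactly
    `count` octets of the repeated (salt || passphrase)."""
    data = salt + passphrase
    count = max(s2k_decode_count(coded_count), len(data))
    stream = data * (count // len(data)) + data[:count % len(data)]
    return hashlib.sha256(stream).digest() == s2k_iterated_salted(
        passphrase, salt, coded_count, "sha256", 32)


if __name__ == "__main__":
    # Constructed sample inputs, not a real passphrase.
    salt, key = derive_aes256_key("correct horse")
    print("salt:", salt.hex(), "key:", key.hex())
    # Decryption side recomputes the same key from the stored salt.
    assert derive_aes256_key("correct horse", salt)[1] == key
```

The two `derive_aes256_key` calls with the same salt returning the same key is the "deterministic" property asked about; the second call with `salt=None` would produce a different key, which is the point of the salt.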
From ekleog at gmail.com Fri Apr 4 21:13:23 2014
From: ekleog at gmail.com (Leo Gaspard)
Date: Fri, 4 Apr 2014 21:13:23 +0200
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140404173248.43DA2C0455@smtp.hushmail.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
<20140404161715.GD3793@leortable>
<20140404173248.43DA2C0455@smtp.hushmail.com>
Message-ID: <20140404191323.GE3793@leortable>
On Fri, Apr 04, 2014 at 01:32:47PM -0400, vedaal at nym.hush.com wrote:
> I trust them to encrypt to my public key, and was planning to work out
> a system where I could decrypt on my own without it going through
> them.
> (they could have my public key, and verify my RSA signature).
>
> [All this is in the theoretical planning stage ;-)
> first I would need to be able to isolate my RSA part of my GnuPG key
> and see if it can be used with an open source simple RSA program
> offline.
>
> That was my original question.]
> vedaal
Well... As this seems not documented (otherwise I guess someone else would have
answered you), I'm going to assume there is no such function available in gnupg.
So this (and the reasons explained by Sam) explains why I'm trying
to figure out what you actually want to do, in order to perhaps propose
another solution, instead of merely telling you to write your own extractor.
So, if you forgive my bluntness... With what closed program are you trying to
interface? Why would you want to use your pgp keypair for this program, and not
a key generated for this use?
From rjh at sixdemonbag.org Fri Apr 4 22:04:26 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 04 Apr 2014 13:04:26 -0700
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <20140404185708.7785f02b@kcore.de>
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
<20140404185708.7785f02b@kcore.de>
Message-ID: <20140404130426.Horde.n32M2jOSmrQd-xrq3B3Ing1@mail.sixdemonbag.org>
> René (not a mathematician or cryptographer)
Looks good to me. My only correction is a notational one. Keyspaces
are normally expressed in bits of entropy, not in 2^N bits of entropy.
I'd suggest:
L = (3N) / (10 * log S)
... where 'L' is the length of the string in terms of its base
component, N is the desired entropy in bits, and S is the keyspace of
the string's base component. This avoids having to compute logarithms
base-2, since 3/10 is an astonishingly good approximation of two in
log-10.
Plugging in the numbers for Diceware and a 256-bit key:
L = (3 * 256) / (10 * log 7776)
L = 768 / (10 * 3.89)
L = 768 / 38.9
L = 19.74
Round it up to 20 words and call it done.
This is simple enough that you can turn it into a snippet of
Javascript, a Python applet, or anything. It's not much work at all.
If anyone wants, I'd be happy to put up a passphrase length calculator.
And let me repeat, René, you got the math absolutely right. All I did
was clean it up a little bit to remove an obnoxious 2^godawful
calculation. :)
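René's formula L = log(2^N) / log(E) and Robert's base-10 shortcut L = 3N / (10 * log S) above are small enough to check in code. The Python below is an added example, not something posted in the thread: it computes the lengths for the alphabets the posts use (62 mixed-case alphanumerics, 64 base64 symbols, the 7776-word Diceware list, and the 1.5-bits-per-character estimate for English), compares the exact and approximate forms, and generates passphrases of the required length from the OS CSPRNG via the `secrets` module. It also reproduces Robert's "16 bytes from /dev/urandom, base64-encoded" recipe to show that the entropy of such a string is bounded by the random bytes (128 bits), not by the 24 characters the encoding produces. The alphabet constants and targets are the thread's; everything else is the example's own.

```python
import base64
import math
import secrets
import string

MIXED_ALNUM = string.ascii_letters + string.digits   # E = 62, René's example
BASE64_ALPHABET = MIXED_ALNUM + "+/"                 # 64 symbols, 6 bits each
DICEWARE_WORDS = 7776                                 # standard Diceware list, 6^5 words
ENGLISH_BITS_PER_CHAR = 1.5                           # the estimate used in the thread


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one uniformly random symbol drawn from E possibilities: log2(E)."""
    return math.log2(alphabet_size)


def symbols_needed(target_bits: float, per_symbol_bits: float) -> int:
    """Smallest whole number of symbols whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / per_symbol_bits)


def required_length(target_bits: int, alphabet_size: int) -> int:
    """René's L = log(2^N) / log(E), rounded up to whole symbols."""
    return symbols_needed(target_bits, bits_per_symbol(alphabet_size))


def hansen_approx(target_bits: int, alphabet_size: int) -> float:
    """Robert's shortcut L = 3N / (10 * log10 S); 3/10 stands in for log10(2)."""
    return (3 * target_bits) / (10 * math.log10(alphabet_size))


def random_passphrase(target_bits: int, alphabet: str) -> str:
    """Uniform symbols from the OS CSPRNG; entropy = len * log2(len(alphabet))."""
    n = required_length(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def urandom_base64_passphrase(nbytes: int = 16):
    """Robert's recipe: nbytes of urandom, base64-encoded. Entropy is 8*nbytes
    bits no matter how many characters (padding included) come out."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii"), 8 * nbytes


def length_table(targets=(128, 256)) -> dict:
    """Required lengths for the alphabets discussed in the thread."""
    table = {}
    for bits in targets:
        table[bits] = {
            "mixed alnum (62)": required_length(bits, 62),
            "base64 (64)": required_length(bits, 64),
            "diceware words (7776)": required_length(bits, DICEWARE_WORDS),
            "english chars (1.5 b/char)": symbols_needed(bits, ENGLISH_BITS_PER_CHAR),
        }
    return table


if __name__ == "__main__":
    for bits, row in length_table().items():
        print(f"{bits}-bit target:", row)
    print("Robert's approximation, Diceware, 256 bits:",
          round(hansen_approx(256, DICEWARE_WORDS), 2))
    print("128-bit base64 passphrase:", random_passphrase(128, BASE64_ALPHABET))
    print("urandom recipe:", urandom_base64_passphrase())
```

The 62-symbol and Diceware rows come out at 22/43 characters and 10/20 words, matching René's figures, and the approximation gives 19.74 for Diceware at 256 bits exactly as computed above.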
From rjh at sixdemonbag.org Fri Apr 4 22:14:09 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 04 Apr 2014 13:14:09 -0700
Subject: Length for AES256 symmetric encryption passphrase?
In-Reply-To: <533EFB68.8060805@norbl.com>
References: <533DD0C4.1080503@norbl.com> <533E4B5E.9060107@sixdemonbag.org>
<20140404101055.Horde.bIXzyjMnYN6bFPb3VaAliQ1@mail.sixdemonbag.org>
<533EFB68.8060805@norbl.com>
Message-ID: <20140404131409.Horde.RS2SjhYAWCYrUtRev_oTIg1@mail.sixdemonbag.org>
> To be clear, I want to use gnupgp to do symmetric encryption using
> AES256. As I understand it, the 'gpg --symmetric ...' command
> converts a pass phrase into a key, a 32 byte key in the case of
> AES256.
Correct!
> I /assume/ that this conversion is 'deterministic' since as far as
> I can tell, the 'gpg --symmetric ...' does not store the key it
> generates. Correct me if I'm wrong.
Again, correct!
> I am trying to decide how long a pass phrase to use. I have not
> decided how to generate the pass phrase. Assume that it is
> pseudo-randomly chosen from the an english language character set.
Then this becomes pretty straightforward. :) Let's say you use the
upper- and lower-case letters, the digits 0 through 9, as well as the
'+' and '/' marks. This character set is commonly called 'base64',
since there are 64 symbols in the set.
Using the equation René provided and I polished a bit, you have:
3 * 256
> On Thursday 03 April 2014 15:06:57 Tim Prepscius wrote:
> > Greetings,
> >
> > So as I said before, I'm working on a pgp base web mail app:
> > https://github.com/timprepscius/mv
> >
> > I am having problems validating the signature of a small percentage of
> > test cases. However GPG with apple-mail says the signatures
> > checkout, soo... I'm obviously doing something incorrectly.
> KMail also says that the signature matches.
Does KMail (or any other mail application) allow the user to get a
dump of the signed portion of the message?
(apple mail doesn't and the gpg debugging doesn't include it).
I need to get a hex dump of what was successfully verified.
I've spent many an hour now removing a little white space here, a
little white space there with no verified signature. (using a
signature block in a detached file)
-tim
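Tim's problem above, and Doug's earlier pointer to the un-mangling done in ppf_verify, come down to one question: which exact octets did the signer hash? The Python below is an added example (not Tim's code, not ppf_verify, and not GnuPG) that extracts those octets from a multipart/signed message the way RFC 1847 and RFC 3156 define them: the first body part including its own MIME headers, with line endings canonicalised to CRLF, and without the CRLF that precedes the next boundary line, because RFC 2046 section 5.1.1 makes that CRLF part of the delimiter rather than of the part. It also produces the hex dump Tim asked for. The sample message is constructed for the example; the armored signature inside it is a placeholder, so the output of this script is something to feed `gpg --verify signature.asc signed.bin` against real mail, not a verification by itself.

```python
import re


def canonicalize_crlf(raw: bytes) -> bytes:
    """RFC 3156: the signature covers CRLF line endings. Mail stored in a Unix
    mailbox usually has bare LF, which is one of the classic reasons a
    detached verification fails."""
    return re.sub(rb"\r?\n", b"\r\n", raw)


def split_multipart_signed(raw: bytes):
    """Return (signed_entity, signature_entity) from a multipart/signed message.

    signed_entity is exactly what the signer hashed: the first part INCLUDING
    its MIME headers, minus the CRLF that belongs to the following delimiter.
    """
    raw = canonicalize_crlf(raw)
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    m = re.search(rb'boundary="?([^"\s;]+)"?', head, re.IGNORECASE)
    if not m:
        raise ValueError("no boundary parameter in the top-level headers")
    delim = b"\r\n--" + m.group(1)
    # The first delimiter may open the body without a preceding CRLF, so add one.
    segments = (b"\r\n" + body).split(delim)
    parts = []
    for seg in segments[1:]:                # segments[0] is the preamble
        if seg.startswith(b"--"):
            break                           # closing delimiter "--boundary--"
        if not seg.startswith(b"\r\n"):
            raise ValueError("unexpected octets after a boundary delimiter")
        parts.append(seg[2:])
    if len(parts) != 2:
        raise ValueError(f"multipart/signed needs exactly 2 parts, got {len(parts)}")
    return parts[0], parts[1]


def signature_armor(signature_entity: bytes) -> bytes:
    """Drop the signature part's MIME headers, leaving the ASCII-armored block."""
    _, _, armor = signature_entity.partition(b"\r\n\r\n")
    return armor


def hexdump(data: bytes, width: int = 16) -> str:
    """Classic offset / hex / ASCII dump, so trailing spaces and CRs are visible."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(lines)


# Constructed sample, stored with LF line endings as a Unix mailbox would.
SAMPLE = (
    b"From: alice@example.org\n"
    b"To: bob@example.org\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b' protocol="application/pgp-signature"; boundary="Apple-Mail=_TEST"\n'
    b"\n"
    b"--Apple-Mail=_TEST\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Hello, world.=20\n"
    b"--Apple-Mail=_TEST\n"
    b"Content-Type: application/pgp-signature; name=signature.asc\n"
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"(placeholder: no real signature in this constructed sample)\n"
    b"-----END PGP SIGNATURE-----\n"
    b"--Apple-Mail=_TEST--\n"
)

if __name__ == "__main__":
    signed, sig = split_multipart_signed(SAMPLE)
    print(hexdump(signed))
    with open("signed.bin", "wb") as f:
        f.write(signed)
    with open("signature.asc", "wb") as f:
        f.write(signature_armor(sig))
    # then: gpg --verify signature.asc signed.bin
```

If `gpg --verify` still fails on the file this writes, the difference between what a working client verified and what is on disk is almost always visible in the hex dump: a stripped trailing space, a bare LF, or an extra CRLF before the boundary.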
From peter at digitalbrains.com Sat Apr 5 13:08:15 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 05 Apr 2014 13:08:15 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
In-Reply-To: <20140403124204.GB11096@miraculix.wolters.lan>
References: <20140403124204.GB11096@miraculix.wolters.lan>
Message-ID: <533FE41F.4030009@digitalbrains.com>
On 03/04/14 14:42, Florian Wolters wrote:
> Has anyone this combination up and running and could point me into the
> right direction to get this working?
It works for me. I have an SPR 532 with firmware v5.10, and I'm running Debian
testing x86_64. I'm using GnuPG's internal CCID driver.
I couldn't generate a 4096-bit key on the card, but I could transfer one with
"keytocard". At that point, the key length mentioned in --card-status was
already set to 4096 bit by the failed generation attempt; that might have made a
difference.
It went along these lines:
------------------88------------------
peter at tweek:~$ gpg2 --expert --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt
[...]
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 42048
[...]
peter at tweek:~$ gpg2 --expert --edit-key 40AF7983
[...]
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
[...]
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
[...]
[...irrelevant part skipped...]
peter at tweek:~$ gpg2 --expert --edit-key 40AF7983
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 2048R/40AF7983 created: 2014-04-05 expires: 2014-04-12 usage: SC
trust: never validity: unknown
sub 4096R/80369970 created: 2014-04-05 expires: 2014-04-12 usage: A
[ unknown] (1). Test 4k
gpg> toggle
sec 2048R/40AF7983 created: 2014-04-05 expires: 2014-04-12
ssb 4096R/80369970 created: 2014-04-05 expires: never
(1) Test 4k
gpg> key 1
sec 2048R/40AF7983 created: 2014-04-05 expires: 2014-04-12
ssb* 4096R/80369970 created: 2014-04-05 expires: never
(1) Test 4k
gpg> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(3) Authentication key
Your selection? 3
sec 2048R/40AF7983 created: 2014-04-05 expires: 2014-04-12
ssb* 4096R/80369970 created: 2014-04-05 expires: never
card-no: 0005 0000106E
(1) Test 4k
gpg> Save changes? (y/N) y
peter at tweek:~$ gpg2 --card-status
[...]
Key attributes ...: 4096R 4096R 4096R
[...]
Signature key ....: [none]
Encryption key....: [none]
Authentication key: D39E 61C2 8678 7B4B A1CD 84A2 4529 4317 8036 9970
created ....: 2014-04-05 09:35:02
General key info..: pub 4096R/80369970 2014-04-05 Test 4k
sec 2048R/40AF7983 created: 2014-04-05 expires: 2014-04-12
ssb> 4096R/80369970 created: 2014-04-05 expires: 2014-04-12
card-no: 0005 0000106E
peter at tweek:~$ ssh-add -l
4096 88:a5:ad:f8:a9:33:75:2f:08:7d:c0:ad:7e:97:cd:c3 cardno:00050000106E (RSA)
2048 bc:8d:69:cf:45:aa:ea:c3:df:8d:e4:f4:a4:9e:c6:08 /home/peter/.ssh/id_rsa (RSA)
peter at tweek:~$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2[...]ao3lYk5DHJk0EkW6Q== cardno:00050000106E
ssh-rsa AAAAB3NzaC1yc[...]PRw/seKuoX2PANuDWQ== /home/peter/.ssh/id_rsa
------------------88------------------
I added the card public key to an authorized_keys file and could log in with
that key without any problems.
I have updated the firmware to v5.10 a long time ago. I think I used Windows XP
for that.
So it can work. I hope that bit of information helps in your quest for 4k
authentication :). Or you could create a shorter key. Auth keys can be changed
relatively easily, though not as easily as signature keys. More importantly,
they don't protect any secret data (just a random challenge), so I don't think
there's any reason to go beyond, say, 2048 bits.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From florian at florian-wolters.de Sat Apr 5 15:57:57 2014
From: florian at florian-wolters.de (Florian Wolters)
Date: Sat, 5 Apr 2014 15:57:57 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
In-Reply-To: <533FE41F.4030009@digitalbrains.com>
References: <20140403124204.GB11096@miraculix.wolters.lan>
<533FE41F.4030009@digitalbrains.com>
Message-ID: <20140405135757.GA6302@miraculix.wolters.lan>
Hi all,
> It works for me. I have an SPR 532 with firmware v5.10, and I'm running Debian
> testing x86_64. I'm using GnuPG's internal CCID driver.
I got this working as well. The problem obviously indeed lies with the
firmware version of the smartcard reader. I managed to update the
firmware to 5.10 using a physical serial RS-232 port to connect the
reader. The earlier tries with the USB interface on a VirtualBox machine
did not work.
But concerning the keys I have another question: How can I tell gnupg to
use keys that are already stored on the card? I do have my private key
on the card already and want to use this card on another computer. Do I
have to import my keypair again and then "keytocard"?
Or can I tell gnupg somehow to use the key already existing on the card?
Regards
Florian
From timprepscius at gmail.com Sat Apr 5 19:05:50 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Sat, 5 Apr 2014 13:05:50 -0400
Subject: checking signature of pgp mime
In-Reply-To:
References:
Message-ID:
It turns out Doug Barton's ppf_mime was able to generate the block + sig.
So, I have a working example.
Thanks for your time,
-tim
From dougb at dougbarton.us Sat Apr 5 21:34:33 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 05 Apr 2014 12:34:33 -0700
Subject: checking signature of pgp mime
In-Reply-To:
References:
Message-ID: <53405AC9.7090503@dougbarton.us>
On 04/05/2014 10:05 AM, Tim Prepscius wrote:
> It turns out Doug Barton's ppf_mime was able to generate the block + sig.
> So, I have a working example.
Awesome! If you come up with any suggestions for improvements feel free
to send them along. I haven't touched that code in years because I
haven't _seen_ any new pathological cases, but that doesn't mean none
exist. :)
> Thanks for your time,
Glad to help.
Doug
From pete at heypete.com Sat Apr 5 22:09:58 2014
From: pete at heypete.com (Pete Stephenson)
Date: Sat, 5 Apr 2014 22:09:58 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
In-Reply-To: <20140405135757.GA6302@miraculix.wolters.lan>
References: <20140403124204.GB11096@miraculix.wolters.lan>
<533FE41F.4030009@digitalbrains.com>
<20140405135757.GA6302@miraculix.wolters.lan>
Message-ID:
On Sat, Apr 5, 2014 at 3:57 PM, Florian Wolters wrote:
> But concerning the keys I got another question: How can I tell gnupg to
> use keys that are already stored on the card? I do have my private key
> on the card already and want to use this card on another computer? Do I
> have to import my keypair again and then "keytocard"?
>
> Or can I tell gnupg somehow to use the key already existing on the card?
When you run "keytocard" the private key is moved to the card and the
private key on the computer is replaced with a "stub" that says "The
private key is located on the smartcard with a serial number of
$SERIAL_NUMBER", so GnuPG knows where to look and, if the card is not
present, prompts you for the right card. (Be sure you have a backup of
your actual private key before running "keytocard", if that's something
you'd like to do.)
As far as I know, there are two options for setting up a second system
to have the stub without actually needing to import your actual
private key:
1. You can export the stub "private" key (I use quotes because unlike
a real private key, the stub is not sensitive information) from your
first computer and then import it into the second just as you would do
if you were importing any other private key.
2. Import only your public key to the second computer, then insert
the smartcard and run "gpg --card-status". This will detect the card
and generate the appropriate stub. This is the method I usually use.
Cheers!
-Pete
--
Pete Stephenson
From vedaal at nym.hush.com Sun Apr 6 16:29:25 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Sun, 06 Apr 2014 10:29:25 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140404191323.GE3793@leortable>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
<20140404161715.GD3793@leortable>
<20140404173248.43DA2C0455@smtp.hushmail.com>
<20140404191323.GE3793@leortable>
Message-ID: <20140406142925.8E4C7C0455@smtp.hushmail.com>
On 04/04/2014 at 4:05 PM, "Leo Gaspard" wrote:
>Well... As this seems not documented (otherwise I guess someone else would have
>answered you), I'm going to assume there is no such function available in gnupg.
=====
I think it should be quite doable by those fluent in RFC 2440 and 4880, but I cannot impose upon them if they do not have time to do so.
I will try it myself and see how it goes.
This is how I thought about doing it. If anyone has advice about it, I am thankful in advance, but please do not use up your time in asking me for what, and telling me why it can absolutely never work.
I have access to a Professor who is an authority on RSA, and once I have everything done and ready, I can ask him if it would be secure/advisable to proceed,
but cannot take advantage of him by asking more than once.
For simplicity, I would start with a V3 RSA key.
(V4 keys have the ability to add subkeys, and the ability to have a master key do either signing only, or both signing and encrypting.
I'm not sure, but think that because of this, it may add other material that obscures extracting only the RSA part of the key.
Once I can get it to work with a V3 key, will try to extract part by part from the V4 key).
So, here's the tentative plan:
[1] Generate a v3 test key in pgp 2.x
[2] Import it to GnuPG
[3] Remove the passphrase
[4] Export it as a .asc file
[5] Examine it in PGPdump, and extract the RSA components
[6] Try it out in an RSA program offline.
(Obviously, for a real secret key, would not use the online PGPdump)
Any help or criticism about how to extract a functional RSA key would be appreciated.
TIA,
vedaal
From peter at digitalbrains.com Sun Apr 6 21:50:06 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 06 Apr 2014 21:50:06 +0200
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140406142925.8E4C7C0455@smtp.hushmail.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
<20140404161715.GD3793@leortable>
<20140404173248.43DA2C0455@smtp.hushmail.com>
<20140404191323.GE3793@leortable>
<20140406142925.8E4C7C0455@smtp.hushmail.com>
Message-ID: <5341AFEE.1010308@digitalbrains.com>
On 06/04/14 16:29, vedaal at nym.hush.com wrote:
> [5] Examine it in PGPdump, and extract the RSA components
On Debian, there is the pgpdump package which, I just tested, outputs the
private key components in hex (or hex escaped string with -g).
Also, when I did apt-cache search pgpdump, I noticed there is a Python library:
[1]. That might be even better for your purpose.
HTH,
Peter.
[1] https://pypi.python.org/pypi/pgpdump/
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From vedaal at nym.hush.com Sun Apr 6 21:54:27 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Sun, 06 Apr 2014 15:54:27 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <5341AFEE.1010308@digitalbrains.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<20140402191448.GC3793@leortable>
<20140403135618.5F823206E7@smtp.hushmail.com>
<20140404161715.GD3793@leortable>
<20140404173248.43DA2C0455@smtp.hushmail.com>
<20140404191323.GE3793@leortable>
<20140406142925.8E4C7C0455@smtp.hushmail.com>
<5341AFEE.1010308@digitalbrains.com>
Message-ID: <20140406195427.45091C0455@smtp.hushmail.com>
On 04/06/2014 at 3:50 PM, "Peter Lebbing" wrote:
>
>On 06/04/14 16:29, vedaal at nym.hush.com wrote:
>> [5] Examine it in PGPdump, and extract the RSA components
>
>On Debian, there is the pgpdump package which, I just tested,
>outputs the
>private key components in hex (or hex escaped string with -g).
>
>Also, when I did apt-cache search pgpdump, I noticed there is a
>Python library:
>[1]. That might be even better for your purpose.
>
>HTH,
>
>Peter.
>
>[1] https://pypi.python.org/pypi/pgpdump/
=====
Yes,
Python should be simpler to use in Ubuntu.
THANKS !!!
vedaal
From dkg at fifthhorseman.net Mon Apr 7 06:05:43 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 07 Apr 2014 00:05:43 -0400
Subject: Encrypted file-size approximation with multiple recipients
In-Reply-To: <20140402120720.3ac7dcf2@bigbox.christie.dr>
References: <20140401200128.46b62b28@bigbox.christie.dr>
<015D1F30-1587-470E-860B-DDFC899BECF3@jabberwocky.com>
<20140402120720.3ac7dcf2@bigbox.christie.dr>
Message-ID: <53422417.7080206@fifthhorseman.net>
On 04/02/2014 01:07 PM, Tim Chase wrote:
> 1) I'd missed that GPG conveniently compresses the data before
> encrypting which would explain some of the differences I saw.
[...]
> in more than half of my use cases (small plain-text/JSON messages)
It sounds to me like you might be setting up some sort of automated
encrypted JSON message-passing scheme. If so, you should be aware that
if any of the encrypted JSON could be controlled by an attacker, that
attacker could possibly learn information about the other parts of the
message that are not controlled by them when using compression, just by
inspecting the size of the traffic.
This is essentially how the CRIME attack against TLS works, but the
theoretical framework of the attack itself isn't necessarily limited to TLS.
Please make sure you understand the CRIME attack against TLS and your
mechanism's use cases well enough to be certain that a comparable attack
isn't applicable, or just explicitly turn off compression for your
OpenPGP-encrypted data if you can afford the extra bandwidth and are
unsure about the use cases to which other people might put your protocol.
hth,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:
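The leak dkg describes, as an added example that is not part of his message and contains no GnuPG code: a service puts attacker-controlled bytes and a secret into one message, compresses it with DEFLATE (zlib, as OpenPGP implementations do before encrypting) and encrypts the result. Encryption is left out of the model because a cipher does not hide the compressed length, so the attacker sees `len(compress(...))` either way. The secret, its alphabet and the message layout are constructed for the example; the recovery loop needs nothing but the observed lengths.

```python
"""Why compress-then-encrypt leaks: a CRIME-style length oracle."""
import zlib

SECRET = b"9f3ab2c7"                 # constructed: what the attacker is after
ALPHABET = b"0123456789abcdef"       # constructed: the attacker knows the charset
PREFIX = b"sessionid="               # constructed: the attacker knows what precedes it

def observed_length(attacker_bytes: bytes, compress: bool = True) -> int:
    """Length on the wire of one message carrying the attacker's input and the secret."""
    plaintext = attacker_bytes + b"\nCookie: " + PREFIX + SECRET + b"\n"
    return len(zlib.compress(plaintext)) if compress else len(plaintext)

def guess_cost(guess: bytes) -> int:
    """Sum the observed length over eight bit-alignment shifts.

    A correct guess lengthens the back-reference DEFLATE emits for the repeated
    PREFIX+secret by one byte and saves at least 7 bits; a wrong guess costs a
    literal instead. Whether 7 bits show up as one byte fewer depends on the
    bit alignment of the output, so the attacker prepends 0..7 filler bytes
    whose fixed-Huffman code is 9 bits long (byte values >= 0x90); each one
    shifts the alignment by a bit, and across the eight shifts the saving
    always shows in the total."""
    return sum(observed_length(bytes(range(0x90, 0x90 + shift)) + guess)
               for shift in range(8))

def recover_secret(length: int = len(SECRET)) -> bytes:
    """Byte-by-byte recovery: extend the known prefix with the cheapest guess."""
    known = b""
    for _ in range(length):
        best = min(ALPHABET, key=lambda c: guess_cost(PREFIX + known + bytes([c])))
        known += bytes([best])
    return known

def lengths_without_compression() -> set:
    """With compression off every guess produces the same length: no oracle."""
    return {observed_length(PREFIX + bytes([c]), compress=False) for c in ALPHABET}

if __name__ == "__main__":
    print("recovered:", recover_secret().decode())
    print("distinct lengths without compression:", lengths_without_compression())
```

The second function is the mitigation dkg recommends: with compression disabled (`--compress-algo none` or `-z 0` in gpg) the message length depends only on the plaintext length, so the attacker's input cannot change it in a way that depends on the secret.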
From dkg at fifthhorseman.net Mon Apr 7 07:39:16 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 07 Apr 2014 01:39:16 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <20140402175521.53CD8C0455@smtp.hushmail.com>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
Message-ID: <53423A04.6010603@fifthhorseman.net>
On 04/02/2014 01:55 PM, vedaal at nym.hush.com wrote:
> Is it possible to generate an RSA key in GnuPG, and then use it (not in GnuPG, but in other systems using RSA keys), to encrypt and decrypt RSA messages?
i think you might be interested in openpgp2pem from the monkeysphere
package.
> If so, what portion of the GnuPG generated RSA key functions as a 'pure' RSA key?
I don't think this question is actually the question you want to ask.
"pure" RSA is extremely limited, and a secret RSA key is usually only
used for either signing or decrypting symmetric session keys, whether
that's in TLS or OpenPGP or CMS or any other place where RSA is used.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:
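For vedaal's plan (steps [1] to [6] above) and dkg's pointer to openpgp2pem, here is an added example that is not code from the thread, from GnuPG or from monkeysphere: it parses just enough of RFC 4880 (packet headers, MPIs, v3 and v4 public-key packets, unprotected secret-key packets) to answer "which bytes are the RSA key". The public key is the MPI pair (n, e); a secret-key packet whose passphrase has been removed (S2K usage octet 0) adds (d, p, q, u) followed by a 16-bit checksum. Subkeys, user IDs and signatures are separate packets, so the "other material" vedaal worries about in V4 keys is simply skipped by the packet walker. The toy key with textbook-sized primes is constructed so the layout can be checked by eye; real keys differ only in the size of the MPIs.

```python
"""Which bytes of an OpenPGP RSA key are the RSA key (RFC 4880 sections 4.2, 3.2, 5.5)."""
import struct

RSA_ALGOS = (1, 2, 3)        # RSA, RSA encrypt-only, RSA sign-only
PUBLIC_TAGS = (6, 14)        # public key, public subkey
SECRET_TAGS = (5, 7)         # secret key, secret subkey

def read_packet(buf: bytes, off: int = 0):
    """Parse the packet header at buf[off:]; return (tag, body, next_offset)."""
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                                   # new-format header
        tag = ctb & 0x3F
        first = buf[off + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + buf[off + 2] + 192, 3
        elif first == 255:
            length, hdr = struct.unpack(">I", buf[off + 2:off + 6])[0], 6
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                            # old-format header
        tag = (ctb >> 2) & 0x0F
        ltype = ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        hdr = 1 + (1 << ltype)                       # 1, 2 or 4 length octets
        length = int.from_bytes(buf[off + 1:off + hdr], "big")
    start = off + hdr
    return tag, buf[start:start + length], start + length

def read_mpi(buf: bytes, off: int):
    """MPI: 2-octet bit count, then the big-endian magnitude."""
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    end = off + 2 + (bits + 7) // 8
    return int.from_bytes(buf[off + 2:end], "big"), end

def parse_rsa_key_packet(tag: int, body: bytes) -> dict:
    version = body[0]
    if version not in (3, 4):
        raise ValueError("unsupported key packet version %d" % version)
    created = struct.unpack(">I", body[1:5])[0]
    off = 5 + (2 if version == 3 else 0)            # v3 adds a validity period
    algo, off = body[off], off + 1
    if algo not in RSA_ALGOS:
        raise ValueError("not an RSA key (algorithm %d)" % algo)
    n, off = read_mpi(body, off)
    e, off = read_mpi(body, off)
    key = {"version": version, "created": created, "n": n, "e": e}
    if tag in PUBLIC_TAGS:
        return key
    s2k_usage, off = body[off], off + 1
    if s2k_usage != 0:
        # Step [3] of the plan: strip the passphrase first, otherwise the
        # MPIs below are ciphertext.
        raise ValueError("secret key material is passphrase-protected")
    secret_start = off
    d, off = read_mpi(body, off)
    p, off = read_mpi(body, off)
    q, off = read_mpi(body, off)
    u, off = read_mpi(body, off)                     # u = p^-1 mod q
    checksum = struct.unpack(">H", body[off:off + 2])[0]
    if sum(body[secret_start:off]) & 0xFFFF != checksum:
        raise ValueError("secret key checksum mismatch")
    key.update(d=d, p=p, q=q, u=u)
    return key

def extract_rsa_keys(blob: bytes) -> list:
    """Walk a binary (not ASCII-armored) export and return every RSA key in it."""
    keys, off = [], 0
    while off < len(blob):
        tag, body, off = read_packet(blob, off)
        if tag in PUBLIC_TAGS + SECRET_TAGS:
            keys.append(parse_rsa_key_packet(tag, body))
    return keys

# Constructed test data: a toy key (p=53, q=61, e=17) in both packet flavours.
def encode_mpi(x: int) -> bytes:
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def build_public_key_packet_v4(n: int, e: int, created: int) -> bytes:
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + encode_mpi(n) + encode_mpi(e)
    return bytes([0xC0 | 6, len(body)]) + body                   # new-format header, tag 6

def build_secret_key_packet_v3(p: int, q: int, e: int, created: int) -> bytes:
    n, d, u = p * q, pow(e, -1, (p - 1) * (q - 1)), pow(p, -1, q)  # RFC 4880: p < q
    secret = encode_mpi(d) + encode_mpi(p) + encode_mpi(q) + encode_mpi(u)
    body = (bytes([3]) + struct.pack(">I", created) + struct.pack(">H", 0)   # validity days
            + bytes([1]) + encode_mpi(n) + encode_mpi(e)
            + bytes([0]) + secret + struct.pack(">H", sum(secret) & 0xFFFF))  # S2K usage 0
    return bytes([0x80 | (5 << 2) | 0, len(body)]) + body        # old-format header, tag 5

TOY_BLOB = (build_public_key_packet_v4(53 * 61, 17, 1396000000)
            + build_secret_key_packet_v3(53, 61, 17, 1396000000))

def rsa_roundtrip(key: dict, m: int) -> bool:
    """Use the extracted numbers as a bare RSA key: textbook encrypt, then decrypt."""
    return pow(pow(m, key["e"], key["n"]), key["d"], key["n"]) == m

if __name__ == "__main__":
    for key in extract_rsa_keys(TOY_BLOB):
        print(key)
    print("roundtrip:", rsa_roundtrip(extract_rsa_keys(TOY_BLOB)[1], 65))
```

For a real export, feed it the output of `gpg --export-secret-keys` (binary, without `--armor`) after the passphrase has been removed, and remember dkg's point that these numbers are only ever applied to a hash or a session key, never to bulk data.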
From johanw at vulcan.xs4all.nl Mon Apr 7 08:06:18 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Mon, 07 Apr 2014 08:06:18 +0200
Subject: Removing old preferences from exported key
Message-ID: <5342405A.8000601@vulcan.xs4all.nl>
Hallo,
I changed the preferences for my gpg key to add the new Camellia ciphers
and move IDEA more backward as I got problems with people with old pgp
keys using old gnupg versions claiming they supported it but actually
didn't support it.
However, when I export the key it now contains both preference
signatures. I did export it with
export-options export-clean-sigs export-clean-uids
in gpg.conf.
How do I export it removing the first preference signature?
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From dshaw at jabberwocky.com Mon Apr 7 15:16:36 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 7 Apr 2014 09:16:36 -0400
Subject: Removing old preferences from exported key
In-Reply-To: <5342405A.8000601@vulcan.xs4all.nl>
References: <5342405A.8000601@vulcan.xs4all.nl>
Message-ID: <3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
On Apr 7, 2014, at 2:06 AM, Johan Wevers wrote:
> Hallo,
>
> I changed the preferences for my gpg key to add the new Camellia ciphers
> and move IDEA more backward as I got problems with people with old pgp
> keys using old gnupg versions claiming they supported it but actually
> didn't support it.
>
> However, when I export the key it now contains both preference
> signatures. I did export it with
>
> export-options export-clean-sigs export-clean-uids
>
> in gpg.conf.
>
> How do I export it removing the first preference signature?
When you change preferences you add another selfsig for your user ID that contains the new preferences. If you want to make the old preferences go away completely, you can simply delete the old selfsig via delsig (you only need one selfsig, and the newer one is already present). However, this won't necessarily do what you want - since keyservers are strictly additive, even if you delete the old selfsig, when you upload to a keyserver, any keyserver that has seen the key with the old selfsig will put it back. Similarly, if someone had your key with the old selfsig, sending them the new preference will cause them to have both.
Luckily in practice, this isn't a problem - most implementations will ignore the old selfsig/preference in favor of the newer one.
David
From vedaal at nym.hush.com Mon Apr 7 16:19:12 2014
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Mon, 07 Apr 2014 10:19:12 -0400
Subject: Using an RSA GnuPG key for RSA ?
In-Reply-To: <53423A04.6010603@fifthhorseman.net>
References: <20140402175521.53CD8C0455@smtp.hushmail.com>
<53423A04.6010603@fifthhorseman.net>
Message-ID: <20140407141917.C7F8F205CF@smtp.hushmail.com>
On Monday, April 07, 2014 at 1:39 AM, "Daniel Kahn Gillmor" wrote:
>
>On 04/02/2014 01:55 PM, vedaal at nym.hush.com wrote:
>> Is it possible to generate an RSA key in GnuPG, and then use it
>(not in GnuPG, but in other systems using RSA keys), to encrypt
>and decrypt RSA messages?
>
>i think you might be interested in openpgp2pem from the
>monkeysphere
>package.
>
>> If so, what portion of the GnuPG generated RSA key functions as
>a 'pure' RSA key?
>
>I don't think this question is actually the question you want to
>ask.
>"pure" RSA is extremely limited, and a secret RSA key is usually
>only
>used for either signing or decrypting symmetric session keys,
>whether
>that's in TLS or OpenPGP or CMS or any other place where RSA is
>used.
>
> --dkg
=====
OK, Thanks.
vedaal
From adrelanos at riseup.net Tue Apr 8 01:03:22 2014
From: adrelanos at riseup.net (Patrick Schleizer)
Date: Mon, 07 Apr 2014 23:03:22 +0000
Subject: key signing in Leipzig, Germany
Message-ID: <53432EBA.7080001@riseup.net>
Hi,
anyone interested to meet up for key signing in Leipzig, Germany?
Please contact me off list.
Cheers,
Patrick
From petermichaux at gmail.com Tue Apr 8 06:45:20 2014
From: petermichaux at gmail.com (Peter Michaux)
Date: Mon, 7 Apr 2014 21:45:20 -0700
Subject: Use GnuPG in an automated environment?
Message-ID:
Hi,
I am creating a Debian APT repository of system packages. I need to
sign the repository's Release file, creating detached signature file
Release.gpg, so that packages can be installed on another Debian
system with `apt-get install` without the complaint "WARNING: The
following packages cannot be authenticated!". I can manually create
the Release.gpg file which requires typing my GnuPG key's passphrase.
I want to automate/script the creation of all the repository's
generated files so that a cron job can generate them when the
repository's package list changes. This means that creating the
Release.gpg file cannot require my GnuPG key's passphrase. I have
actually succeeded at creating the Release.gpg file without needing my
GnuPG key's passphrase following a combination of the instructions
from the following.
* http://www.gnupg.org/faq/gnupg-faq.html#automated_use
* http://www.slpicare.org/unix/automating_signing_with_GPG.html
The process is complex enough that I have little confidence that I'm
doing everything correctly and/or securely. I'm experimenting and
trying to understand all the related commands better. I noticed
something that seems incorrect or at least suspicious and worth asking
about.
I can list all of the keys that I've created.
peter at alpha.com:~$ gpg --homedir ~/.gnupg.insec --list-keys
/home/peter/.gnupg.insec/pubring.gpg
------------------------------------
pub 2048D/13FC9B38 2014-04-07
uid Peter Michaux (My Comment)
sub 2048g/A2D0ED65 2014-04-07
sub 2048D/215D17CD 2014-04-07
The first two keys, 13FC9B38 and A2D0ED65, were the ones created when
I originally used `gpg --gen-key`. I followed the tutorials about
using GnuGP in an automated environment to create the third key,
215D17CD, with no password.
To understand things better, I want to ensure that I can properly
select/control the key I want to use during signing with the
`--default-key` option to the `gpg` command line tool. This is where
things look suspicious to me.
peter at alpha.com:~/drepo$ gpg --homedir ~/.gnupg.insec \
--verbose \
--detach-sign \
--default-key 13FC9B38 \
--output dists/stable/Release.gpg \
dists/stable/Release
gpg: using subkey 215D17CD instead of primary key 13FC9B38
gpg: writing to `dists/stable/Release.gpg'
gpg: using subkey 215D17CD instead of primary key 13FC9B38
gpg: DSA/SHA256 signature from: "215D17CD Peter Michaux (Black
Iron Beast) "
Why does gpg use the third key in the list when I've specifically
requested it use the first key in the list? (Yes, ultimately I want to
use the third key in the list but I want to know why gpg is defying my
wishes in the above command.)
Thanks.
Peter
From johanw at vulcan.xs4all.nl Tue Apr 8 07:48:38 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 08 Apr 2014 07:48:38 +0200
Subject: Removing old preferences from exported key
In-Reply-To: <3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
References: <5342405A.8000601@vulcan.xs4all.nl>
<3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
Message-ID: <53438DB6.3040900@vulcan.xs4all.nl>
On 07-04-2014 15:16, David Shaw wrote:
> When you change preferences you add another selfsig for your
> user ID that contains the new preferences.
> If you want to make the old preferences go away completely,
> you can simply delete the old selfsig via delsig
Yes, that removes it completely from my keyring. That's not necessary
and will be undone after the first sync with the keyservers anyway.
However, is there a way to remove it from the exported key only - to
keep the size of the exported key as small as possible? The export
options didn't do that as list-packets showed.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From dkg at fifthhorseman.net Tue Apr 8 07:57:05 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 08 Apr 2014 01:57:05 -0400
Subject: Use GnuPG in an automated environment?
In-Reply-To:
References:
Message-ID: <53438FB1.9020006@fifthhorseman.net>
On 04/08/2014 12:45 AM, Peter Michaux wrote:
> I am creating a Debian APT repository of system packages. I need to
> sign the repository's Release file, creating detached signature file
> Release.gpg, so that packages can be installed on another Debian
> system with `apt-get install` without the complaint "WARNING: The
> following packages cannot be authenticated!". I can manually create
> the Release.gpg file which requires typing my GnuPG key's passphrase.
sorry to not get into the GnuPG specifics, but how are you managing the
apt repository?
the reprepro APT repository management tool includes mechanisms for
specifying which key to use for signing and automatically triggers
signing when something has changed in the repo (or you can ask it to
re-sign if you need that).
http://mirrorer.alioth.debian.org/
(the debian reprepro package is just fine for this)
i recommend using reprepro to manage the APT repository unless you have
a compelling reason to manage all the rest of this stuff yourself.
You can use reprepro locally to build the repository someplace where you
have access to the signing key and then use rsync or the equivalent to
push out the updates to any network-accessible mirrors.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:
From petermichaux at gmail.com Tue Apr 8 08:16:22 2014
From: petermichaux at gmail.com (Peter Michaux)
Date: Mon, 7 Apr 2014 23:16:22 -0700
Subject: Use GnuPG in an automated environment?
In-Reply-To: <53438FB1.9020006@fifthhorseman.net>
References:
<53438FB1.9020006@fifthhorseman.net>
Message-ID:
Well, this went off-topic quickly. ;-)
On Mon, Apr 7, 2014 at 10:57 PM, Daniel Kahn Gillmor
wrote:
> i recommend using reprepro to manage the APT repository unless you have
> a compelling reason to manage all the rest of this stuff yourself.
I'm concerned about the inability of reprepro to include in a single
distribution two files which are only different versions of the same
package. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570623
Also, I'd like to understand gpg better which is why I asked about the
--default-key issue I noticed and didn't understand.
Thanks.
Peter
From santhosh5619 at gmail.com Tue Apr 8 06:04:38 2014
From: santhosh5619 at gmail.com (Santhosh Kumar)
Date: Tue, 8 Apr 2014 14:04:38 +1000
Subject: Query on PGP Keygen using GNUPG
Message-ID:
Hi Team,
I'm trying to execute the PGP Key generation using "SUNWgnupg" available on
Solaris 11 with CLI option mentioned below.
/usr/bin/gpg2 --secret-keyring /home2/d1/owner/.gnupg/secring.gpg --keyring
/home2/d1/owner/.gnupg/pubring.gpg --gen-key --local-user [lindex $argv 0]
May I know the attributes to be used for giving Key Size as 2048 , Key
algorithm as RSA etc. in single CLI instead of routine way of generating
Key.
Appreciate if you can help me with quick reply to proceed with my work. PFA
for server details and version present on Solaris 11 server
Thanks,
Santhosh Kumar
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
# uname -a
SunOS 5.11 11.1 sun4v sparc sun4v
# uname -X
System = SunOS
Node =
Release = 5.11
KernelID = 11.1
Machine = sun4v
BusType =
Serial =
Users =
OEM# = 0
Origin# = 1
NumCPU = 32
# cat /etc/release
Oracle Solaris 11.1 SPARC
Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved.
Assembled 06 November 2013
===========================================================================================
$ /usr/bin/gpg2 --version
gpg (GnuPG) 2.0.17
libgcrypt 1.4.5
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
========================================================================================
Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data
Commands:
-s, --sign make a signature
--clearsign make a clear text signature
-b, --detach-sign make a detached signature
-e, --encrypt encrypt data
-c, --symmetric encryption only with symmetric cipher
-d, --decrypt decrypt data (default)
--verify verify a signature
-k, --list-keys list keys
--list-sigs list keys and signatures
--check-sigs list and check key signatures
--fingerprint list keys and fingerprints
-K, --list-secret-keys list secret keys
--gen-key generate a new key pair
--gen-revoke generate a revocation certificate
--delete-keys remove keys from the public keyring
--delete-secret-keys remove keys from the secret keyring
--sign-key sign a key
--lsign-key sign a key locally
--edit-key sign or edit a key
--passwd change a passphrase
--export export keys
--send-keys export keys to a key server
--recv-keys import keys from a key server
--search-keys search for keys on a key server
--refresh-keys update all keys from a keyserver
--import import/merge keys
--card-status print the card status
--card-edit change data on a card
--change-pin change a card's PIN
--update-trustdb update the trust database
--print-md print message digests
--server run in server mode
Options:
-a, --armor create ascii armored output
-r, --recipient USER-ID encrypt for USER-ID
-u, --local-user USER-ID use USER-ID to sign or decrypt
-z N set compress level to N (0 disables)
--textmode use canonical text mode
-o, --output FILE write output to FILE
-v, --verbose verbose
-n, --dry-run do not make any changes
-i, --interactive prompt before overwriting
--openpgp use strict OpenPGP behavior
(See the man page for a complete listing of all commands and options)
Examples:
-se -r Bob [file] sign and encrypt for user Bob
--clearsign [file] make a clear text signature
--detach-sign [file] make a detached signature
--list-keys [names] show keys
--fingerprint [names] show fingerprints
Please report bugs to .
===========================================================================================
From dkg at fifthhorseman.net Tue Apr 8 13:47:46 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 08 Apr 2014 07:47:46 -0400
Subject: Use GnuPG in an automated environment?
In-Reply-To:
References: <53438FB1.9020006@fifthhorseman.net>
Message-ID: <5343E1E2.1050709@fifthhorseman.net>
On 04/08/2014 02:16 AM, Peter Michaux wrote:
> I'm concerned about the inability of reprepro to include in a single
> distribution two files which are only different versions of the same
> package. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570623
sorry for the off-topic aside, i'm glad to see that you've considered
reprepro. I don't know what the use case is for multiple versions of
the same package in the same repo, but it does sound like if you need
that it's a compelling reason to manage to repo by hand for now.
> Also, I'd like to understand gpg better which is why I asked about the
> --default-key issue I noticed and didn't understand.
The key selection you're asking about is done by gpg in its best-effort
way. Here's my understanding of its approach:
if you specify a key or a user ID, it first tries to find the primary
key associated with that specification (see "HOW TO SPECIFY A USER ID"
in gpg(1) ). Then, when making a regular data signature (which is what
Release.gpg is), given that selected primary key, it checks to see if
there is a signing-capable subkey that has a newer creation time than
the primary key, and it uses that one.
If you want to specify a particular subkey or primary key as the signing
key, you should be able to do so by appending a "!" to the end of the
key ID:
When using gpg an exclamation mark (!) may be appended to force
using the specified primary or secondary key and not to try and
calculate which primary or secondary key to use.
(note that the ! may need to be escaped to avoid your shell interpreting it)
If you can stand one more off-topic aside: I also recommend that for
important use cases like a software repository, you take care to
identify the signing key using a full fingerprint instead of a short
keyid. short keyids are trivially spoofable, and if you ever update
your gnupg keyring from a public keyserver, it's possible for that
keyserver (or anyone in control of the network path between you and the
keyserver) to push an update into your keyring that matches the short
Key ID in question (even a secret key can be pushed in, i think).
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL:
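The selection rule dkg describes, and the reason he asks for a full fingerprint, as an added example; this is a model of the behaviour explained above, not GnuPG's code. It resolves the specification to a primary key, then (without a trailing "!") prefers the newest signing-capable subkey created after the primary, or uses exactly the named key when the spec ends in "!". Input is the colon listing from `gpg --with-colons --fingerprint --fingerprint -k` (the second `--fingerprint` adds fpr records for subkeys). The listing, with a primary, an encryption subkey and a later signing subkey like the layout in Peter's question, plus a second, unrelated key sharing the same short key ID, is constructed; all fingerprints and key IDs in it are made up.

```python
"""How gpg picks the key for --default-key / -u, and why a short key ID is a weak selector."""

def parse_listing(text: str) -> list:
    """Group pub/sub records (each followed by its fpr record) into primary keys."""
    keys, owner = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            owner = {"keyid": f[4], "created": int(f[5]), "caps": f[11], "fpr": "", "subkeys": []}
            keys.append(owner)
        elif f[0] in ("sub", "ssb") and keys:
            owner = {"keyid": f[4], "created": int(f[5]), "caps": f[11], "fpr": ""}
            keys[-1]["subkeys"].append(owner)
        elif f[0] == "fpr" and owner is not None:
            owner["fpr"] = f[9].upper()            # field 10 carries the fingerprint
    return keys

def _matches(spec_hex: str, key: dict) -> bool:
    """Hex specs match the tail of the fingerprint: 8 (short), 16 (long) or 40 digits."""
    return (key["fpr"] or key["keyid"]).endswith(spec_hex)

def select_signing_key(keys: list, spec: str) -> str:
    """Return the fingerprint of the key gpg would sign with for `spec`."""
    force = spec.endswith("!")
    hexspec = spec.rstrip("!").upper()
    if hexspec.startswith("0X"):
        hexspec = hexspec[2:]
    if len(hexspec) not in (8, 16, 40) or not all(c in "0123456789ABCDEF" for c in hexspec):
        raise ValueError("only hex key IDs and fingerprints are handled here")
    hits = [(primary, sub) for primary in keys
            for sub in [None] + primary["subkeys"] if _matches(hexspec, sub or primary)]
    if not hits:
        raise KeyError("no key matches %s" % spec)
    if len(hits) > 1:
        # An unattended signer must not guess here; gpg will happily match a
        # key someone pushed into the keyring with a colliding short ID.
        raise ValueError("%s is ambiguous (%d keys); use the full fingerprint" % (spec, len(hits)))
    primary, sub = hits[0]
    if force:
        return (sub or primary)["fpr"]             # "KEYID!" means exactly this key
    newer_signers = [s for s in primary["subkeys"]
                     if "s" in s["caps"] and s["created"] > primary["created"]]
    if newer_signers:                              # "using subkey ... instead of primary key"
        return max(newer_signers, key=lambda s: s["created"])["fpr"]
    return primary["fpr"]

# Constructed listing. Key A: DSA primary (signing), ElGamal encryption subkey,
# DSA signing subkey created a day later. Key D: somebody else's key whose
# fingerprint happens to end in the same 32 bits as key A's.
LISTING = "\n".join([
    "pub:u:2048:17:" + "A" * 8 + "0BADCAFE:1396800000:::u:::scSC::::::23::0:",
    "fpr:::::::::" + "A" * 32 + "0BADCAFE:",
    "uid:u::::1396800000::" + "0" * 40 + "::Repo Signer (constructed) <repo@example.test>::::::::::0:",
    "sub:u:2048:16:" + "B" * 8 + "11111111:1396800000::::::e::::::23::0:",
    "fpr:::::::::" + "B" * 32 + "11111111:",
    "sub:u:2048:17:" + "C" * 8 + "22222222:1396886400::::::s::::::23::0:",
    "fpr:::::::::" + "C" * 32 + "22222222:",
    "pub:-:2048:1:" + "D" * 8 + "0BADCAFE:1396900000:::-:::scESC::::::23::0:",
    "fpr:::::::::" + "D" * 32 + "0BADCAFE:",
    "uid:-::::1396900000::" + "1" * 40 + "::Someone Else (constructed) <other@example.test>::::::::::0:",
])
KEYS = parse_listing(LISTING)

if __name__ == "__main__":
    for spec in ("AAAAAAAA0BADCAFE", "AAAAAAAA0BADCAFE!", "CCCCCCCC22222222!", "0BADCAFE"):
        try:
            print(spec, "->", select_signing_key(KEYS, spec))
        except ValueError as err:
            print(spec, "->", err)
```

Naming the primary by its long ID reproduces the "using subkey ... instead of primary key" line from the question; the trailing "!" pins the primary or a specific subkey; and the short ID alone is refused because two keys match it. Getting a key whose fingerprint ends in a chosen 32 bits is cheap, which is why a cron job that signs a repository should be configured with the 40-digit fingerprint.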
From sam.mxracer at gmail.com Tue Apr 8 19:58:08 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Tue, 8 Apr 2014 13:58:08 -0400
Subject: Removing old preferences from exported key
In-Reply-To: <53438DB6.3040900@vulcan.xs4all.nl>
References: <5342405A.8000601@vulcan.xs4all.nl>
<3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
<53438DB6.3040900@vulcan.xs4all.nl>
Message-ID:
There is also the clean command which cleans up old self sigs (among other
things like unusable sigs, e.g. expired signatures).
On Tue, Apr 8, 2014 at 1:48 AM, Johan Wevers wrote:
> On 07-04-2014 15:16, David Shaw wrote:
>
> > When you change preferences you add another selfsig for your
> > user ID that contains the new preferences.
>
> > If you want to make the old preferences go away completely,
> > you can simply delete the old selfsig via delsig
>
> Yes, that removes it completely from my keyring. That's not necessary
> and will be undone after the first sync with the keyservers anyway.
>
> However, is there a way to remove it from the exported key only - to
> keep the size of the exported key as small as possible? The export
> options didn't do that as list-packets showed.
>
> --
> ir. J.C.A. Wevers
> PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dshaw at jabberwocky.com Tue Apr 8 20:21:52 2014
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 8 Apr 2014 14:21:52 -0400
Subject: Removing old preferences from exported key
In-Reply-To: <53438DB6.3040900@vulcan.xs4all.nl>
References: <5342405A.8000601@vulcan.xs4all.nl>
<3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
<53438DB6.3040900@vulcan.xs4all.nl>
Message-ID: <9BC1164C-91E0-493B-A7BB-A04BCBD23EDE@jabberwocky.com>
On Apr 8, 2014, at 1:48 AM, Johan Wevers wrote:
> On 07-04-2014 15:16, David Shaw wrote:
>
>> When you change preferences you add another selfsig for your
>> user ID that contains the new preferences.
>
>> If you want to make the old preferences go away completely,
>> you can simply delete the old selfsig via delsig
>
> Yes, that removes it completely from my keyring. That's not necessary
> and will be undone after the first sync with the keyservers anyway.
>
> However, is there a way to remove it from the exported key only - to
> keep the size of the exported key as small as possible? The export
> options didn't do that as list-packets showed.
Sure:
--export-options export-clean
David
From johanw at vulcan.xs4all.nl Tue Apr 8 22:51:24 2014
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue, 08 Apr 2014 22:51:24 +0200
Subject: Removing old preferences from exported key
In-Reply-To: <9BC1164C-91E0-493B-A7BB-A04BCBD23EDE@jabberwocky.com>
References: <5342405A.8000601@vulcan.xs4all.nl>
<3447A39B-BEC6-4569-8B39-627E1747FB7B@jabberwocky.com>
<53438DB6.3040900@vulcan.xs4all.nl>
<9BC1164C-91E0-493B-A7BB-A04BCBD23EDE@jabberwocky.com>
Message-ID: <5344614C.4030807@vulcan.xs4all.nl>
On 08-04-2014 20:21, David Shaw wrote:
>> However, is there a way to remove it from the exported key only - to
>> keep the size of the exported key as small as possible? The export
>> options didn't do that as list-packets showed.
>
> Sure:
>
> --export-options export-clean
Thanks, that worked.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From fmv1992 at gmail.com Wed Apr 9 05:01:29 2014
From: fmv1992 at gmail.com (Felipe Vieira)
Date: Wed, 9 Apr 2014 00:01:29 -0300
Subject: Heartbleed attack on Openssl
Message-ID:
Dear GNUPG community,
I think a lot of unexperienced users would like to know more about the
Heartbleed problem found on some of the openssl versions. I have two broad
questions and two specific questions:
1) Which type of clients have been compromised (consider an ordinary user)?
2) Which common applications use openssl and are a potential target?
2) Are firefox users compromised?
3) Are RetroShare users compromised?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dbhukta at gmail.com Wed Apr 9 06:39:01 2014
From: dbhukta at gmail.com (dbhukta .)
Date: Wed, 9 Apr 2014 10:09:01 +0530
Subject: GPG tool for Windows Embeddd Compact 7
In-Reply-To:
References:
<201402201801.39298.aheinecke@intevation.de>
Message-ID:
Hi,
Can you give the solution for GPGtool which will run for Windows Embedded
Compact 7. Or any Binary file which will be compatible for windows embedded
compact 7.
looking forward to hear from you.
Regards
D Bhukta
+918600096629
On Fri, Feb 21, 2014 at 1:29 AM, Alan Meekins wrote:
> Not all Windows Embedded OSes are built on top of CE! Look here for a
> listing of the products.
> It sounds like you are likely using Windows Embedded Standard 7(aka WES7,
> yuck what a mouthful!) which is just a rebranded version of normal old
> Windows 7. If this is the case it means anything that can run on windows
> 7(big windows) will run on WES7 with no modification. The caveat about
> Windows Embedded is that you have the flexibility to strip out just about
> any componenet of Windows so the most likely issues you will hit are around
> what you have removed from the image causing breaks in 3rd party software
> such as GnuPG. So in short we need to know the exact version if Windows you
> are running to really give accurate advice. CE is a different world which
> may require you to recompile the programs you wish to run depending on your
> exact scenario.
>
> Cheers,
> -Alan
>
>
> On Thu, Feb 20, 2014 at 9:01 AM, Andre Heinecke wrote:
>
>> Hi,
>>
>> On Wednesday 19 February 2014 08:13:36 dbhukta . wrote:
>> > Let me know any version which is compatible for Windows embedded
>> Compact 7
>> > to encrypt/decrypt a text file at least.
>>
>> GnuPG has been ported to Windows CE 5.0 so it should / could work on
>> Windows
>> embedded 7 (I guess its untested) as this work was done 2010 as part of a
>> Project and there has been little interest in Windows CE since.
>>
>> We still have some binaries lying around:
>>
>> http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg_wince-dev-190111.zip
>>
>> Sources for that version:
>>
>> http://files.kolab.org/local/windows-ce/gpg-snapshots/gpg-ce-dev-190111-src.zip
>>
>> And a signed sha1sums file in:
>> http://files.kolab.org/local/windows-ce/gpg-snapshots/
>>
>> Maybe it works, maybe not.
>> Have fun
>>
>> --
>> Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
>> Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
>> 18998
>> Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>>
>
--
Regards,
Dinabandhu Bhukta
8600096629
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From sam.mxracer at gmail.com Wed Apr 9 15:17:49 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Wed, 9 Apr 2014 09:17:49 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID:
On Tue, Apr 8, 2014 at 11:01 PM, Felipe Vieira wrote:
> Dear GNUPG community,
> I think a lot of unexperienced users would like to know more about the
> Heartbleed problem found on some of the openssl versions. I have two broad
> questions and two specific questions:
> 1) Which type of clients have been compromised (consider an ordinary user)?
> 2) Which common applications use openssl and are a potential target?
>
> 2) Are firefox users compromised?
> 3) Are RetroShare users compromised?
> Thanks in advance.
>
For the most part it is service providers who are affected by the bug.
There's a handy website to verbosely explain heartbleed.
http://heartbleed.com/
Affected services include HTTP, email servers (SMTP, POP and IMAP
protocols), chat servers (XMPP protocol), virtual private networks (SSL
VPNs), databases (e.g. mysql), and pretty much any service that uses
openssl TLS/SSL to secure transport of services if they're recently patched.
Security notices for popular server distros...
RHEL - https://access.redhat.com/site/solutions/781793
Ubuntu - http://www.ubuntu.com/usn/usn-2165-1/
CLIENT
There's not much you can do at this point. Update your system packages and
that's about it.
SERVICE PROVIDER
Essentially you want to take the following steps if you're a service
provider.
1. Test for the vulnerability - http://pastebin.com/WmxzjkXJ it is also
prudent to search for the affected package versions across all services.
2. If vulnerable patch the OpenSSL version of public front end services
first. Patch backend services after the front end is secure.
3. Reissue SSL private keys and certificates. Since the leak exposes the
private key it is no longer pristine.
For the remaining more thorough steps of what to do see the
heartbleed.org website which has a nice set of instructions.
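The three service-provider steps above all follow from one missing bounds check, so here is an added example in Python (not from this posting, not the pastebin script, and not OpenSSL's own code) that models the mechanism end to end: a toy heartbeat handler in the shape of the unpatched `tls1_process_heartbeat` next to one with the two length checks the fix added, and the client-side verdict the public test scripts derive from the reply. The flat `bytearray` standing in for process memory, the planted `SECRET` bytes, `ToyServer` and `probe` are constructed for the example; the message layout (type, 16-bit payload length, payload, 16 bytes of padding) is RFC 6520's.

```python
import struct

HB_REQUEST = 1      # HeartbeatMessageType values from RFC 6520
HB_RESPONSE = 2
PADDING_LEN = 16    # minimum padding RFC 6520 requires after the payload

# Constructed for the example: material that happens to sit in the process
# heap a little after the record buffer, as a private key might.
SECRET = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA7example"


def build_heartbeat(hbtype, payload, declared_len=None):
    """Encode a HeartbeatMessage. A well-formed sender leaves declared_len at
    None; a probe sets it larger than the payload it actually sends."""
    if declared_len is None:
        declared_len = len(payload)
    return bytes([hbtype]) + struct.pack("!H", declared_len) + payload + b"\x00" * PADDING_LEN


def parse_heartbeat(msg):
    """Return (type, declared_len, payload) as seen by a receiver that trusts
    the length field."""
    hbtype = msg[0]
    declared_len = struct.unpack("!H", msg[1:3])[0]
    return hbtype, declared_len, msg[3:3 + declared_len]


class ToyServer:
    """Process memory is one flat bytearray: the incoming record is copied to
    offset 0 and everything after it stands in for the rest of the heap."""

    def __init__(self, secret=SECRET, memory_size=4096):
        self.memory = bytearray(memory_size)
        self.memory[256:256 + len(secret)] = secret   # constructed placement

    def _load(self, record):
        self.memory[:len(record)] = record
        return len(record)

    def heartbeat_vulnerable(self, record):
        """Shape of the unpatched handler: the payload length is read from the
        message and used for the copy without comparing it to the record
        length, so the copy runs past the record into neighbouring memory."""
        self._load(record)
        hbtype = self.memory[0]
        payload_len = struct.unpack("!H", bytes(self.memory[1:3]))[0]
        if hbtype != HB_REQUEST:
            return None
        payload = bytes(self.memory[3:3 + payload_len])   # the over-read
        return build_heartbeat(HB_RESPONSE, payload)

    def heartbeat_fixed(self, record):
        """Shape of the patched handler: both length checks the fix added, and
        a malformed request is silently discarded."""
        rrec_len = self._load(record)
        if 1 + 2 + PADDING_LEN > rrec_len:
            return None
        hbtype = self.memory[0]
        payload_len = struct.unpack("!H", bytes(self.memory[1:3]))[0]
        if 1 + 2 + payload_len + PADDING_LEN > rrec_len:
            return None
        if hbtype != HB_REQUEST:
            return None
        payload = bytes(self.memory[3:3 + payload_len])
        return build_heartbeat(HB_RESPONSE, payload)


def check(response, sent_payload):
    """Client-side verdict in the style of the public test scripts: a reply
    that echoes more than was sent can only have come from an over-read."""
    if response is None:
        return "patched"        # request discarded, or heartbeats unsupported
    hbtype, declared_len, payload = parse_heartbeat(response)
    if hbtype != HB_RESPONSE:
        return "patched"
    if declared_len > len(sent_payload) and len(payload) > len(sent_payload):
        return "VULNERABLE"
    return "patched"


def probe(server_handler, requested=1024):
    """Send a 4-byte payload that claims to be `requested` bytes long and
    return (verdict, leaked_bytes)."""
    request = build_heartbeat(HB_REQUEST, b"ping", declared_len=requested)
    response = server_handler(request)
    verdict = check(response, b"ping")
    leaked = parse_heartbeat(response)[2] if response is not None else b""
    return verdict, leaked


if __name__ == "__main__":
    srv = ToyServer()
    verdict, leaked = probe(srv.heartbeat_vulnerable)
    print(verdict, SECRET in leaked)      # VULNERABLE True
    verdict, leaked = probe(srv.heartbeat_fixed)
    print(verdict, SECRET in leaked)      # patched False
```

Two things the model makes visible. For step 1, a remote scanner can only judge by the reply: a server that echoes more than it was sent is leaking memory, while one that discards the request is either fixed or never supported heartbeats, so checking the installed package version on each host is still required. For step 3, the leak is whatever happens to be resident in the process, the private key included, which is why the key has to be treated as exposed and not merely re-issued.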
From tristan.santore at internexusconnect.net Wed Apr 9 15:59:27 2014
From: tristan.santore at internexusconnect.net (Tristan Santore)
Date: Wed, 09 Apr 2014 14:59:27 +0100
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <5345523F.4070404@internexusconnect.net>
On 09/04/14 14:17, Sam Gleske wrote:
> On Tue, Apr 8, 2014 at 11:01 PM, Felipe Vieira > wrote:
>
> Dear GNUPG community,
> I think a lot of inexperienced users would like to know more about
> the Heartbleed problem found on some of the openssl versions. I
> have two broad questions and two specific questions:
> 1) Which type of clients have been compromised (consider an
> ordinary user)?
> 2) Which common applications use openssl and are a potential target?
>
> 2) Are firefox users compromised?
> 3) Are RetroShare users compromised?
> Thanks in advance.
>
>
> For the most part it is service providers who are affected by the
> bug. There's a handy website to verbosely explain heartbleed.
>
> http://heartbleed.com/
>
> Affected services include HTTP, email servers (SMTP, POP and IMAP
> protocols), chat servers (XMPP protocol), virtual private networks
> (SSL VPNs), databases (e.g. mysql), and pretty much any service that
> uses openssl TLS/SSL to secure transport of services if they're
> recently patched.
>
> Security notices for popular server distros...
> RHEL - https://access.redhat.com/site/solutions/781793
> Ubuntu - http://www.ubuntu.com/usn/usn-2165-1/
>
> CLIENT
>
> There's not much you can do at this point. Update your system
> packages and that's about it.
>
> SERVICE PROVIDER
> Essentially you want to take the following steps if you're a service
> provider.
>
> 1. Test for the vulnerability - http://pastebin.com/WmxzjkXJ it is
> also prudent to search for the affected package versions across all
> services.
> 2. If vulnerable patch the OpenSSL version of public front end
> services first. Patch backend services after the front end is secure.
> 3. Reissue SSL private keys and certificates. Since the leak exposes
> the private key it is no longer pristine.
>
> For the remaining more thorough steps of what to do see the
> heartbleed.org website which has a nice set of
> instructions.
>
>
It is imperative you revoke old keys! Not just reissue!
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
From rjh at sixdemonbag.org Wed Apr 9 18:51:20 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Apr 2014 12:51:20 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <53457A88.6050804@sixdemonbag.org>
> Dear GNUPG community,
That right there should be your first hint. :)
This is a great email list to get informed opinions on GnuPG and the
OpenPGP RFCs, but this may not be a great place to get informed
commentary on OpenSSL. It's a completely different software package run
by a completely different outfit.
You may get better answers if you ask on the OpenSSL mailing lists. :)
From kappu at hotmail.com Wed Apr 9 19:20:58 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Wed, 9 Apr 2014 13:20:58 -0400
Subject: It's 2014. Are we there yet?
Message-ID:
Folks,
I'm an ardent reader of this (and a few other) mailing lists, but usually stay quiet and in the background. However, in light of global events and paradigm shifts in the last few months, I'm tempted to speak up.
While I do use PGP/GPG, I have to admit that the usage has been minimal and sporadic over the last few years, with the usual suspects as reasons. But the biggest reason of course is "adoption" i.e. very few in my social/professional circle use it. Now, we all (probably, subconsciously?) know/acknowledge why that is, we are in 2014 after all.
My personal belief is that the awareness for secure communications is starting to rise, not just for the niche users who are already using it/know how to use it, but for the "average Joe user" as well. My definition of the "average Joe user" btw is someone who:
- Has at least one computing device, if not more
- Is familiar with email
- Is already using various online mediums
- Has usually never thought about "secure communications" or maybe in an abstract fashion
Now, the barrier to entry of secured communications is high. I realize that. I'm sure a lot of you do as well. It's not easy, it takes time, patience, a certain level of expertise and a tacit acknowledgement that they need to use it in the first place (probably the most important).
The "secure communications" paradigm of course spans a whole spectrum from "I don't give a ****" to "I'll do anything to protect my communications, including giving away my first born". I suspect the "average Joe user" in 2014 is slightly above the former, but way below the latter. Without going to the other end of the spectrum, what will make adoption of secure communications a bit more palatable to the "average Joe user"?
Let's list a few arguments:
- I don't even know what I need. - Well, assuming they are starting to recognize the need, I suspect they will find out relatively easily as to what they need. With a few caveats of course. There's way more FUD/noise/BS out there than the average person can decipher, so it'll probably end as being word-of-mouth recommendations or such.
- Even if I know what I need, getting it/installing it is hard. - It is. The setup/install needs to be simpler, i.e. as simple as installing an "app". That is what the average Joe user is capable of.
- WTF is a key pair/public key/private key/<... terminology>? - :) This IS a big problem. I may get it, you may get it, how does the average Joe user gain that understanding? The nomenclature needs to be, well, something that the average Joe user can understand as well. They understood SSL (well, for the most part).
- ... several more similar arguments.
Now, what will help drive this adoption more?
- A better install experience?
- A "dumbed down" (if you will) taxonomy that they can understand?
- Simpler UIs? (without sacrificing secure functionality)
- Better integration with existing systems?
- Education? i.e. ongoing information dissemination that educates people on these things. Newsletters? How tos? Youtube videos (shudder)? And others.
- Start hitting them on the head with a baseball bat? :)
All thoughts are very much welcome and appreciated.
Kapil Aggarwal.
From sam.mxracer at gmail.com Wed Apr 9 19:29:05 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Wed, 9 Apr 2014 13:29:05 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID:
On Wed, Apr 9, 2014 at 1:20 PM, Kapil Aggarwal wrote:
> - I don't even know what I need. - Well, assuming they are starting
> to recognize the need, I suspect they will find out relatively easily as to
> what they need. With a few caveats of course. There's way more FUD/noise/BS
> out there than the average person can decipher, so it'll probably end as
> being word-of-mouth recommendations or such.
> - Even if I know what I need, getting it/installing it is hard. - It
> is. The setup/install needs to be simpler, i.e. as simple as installing an
> "app". That is what the average Joe user is capable of.
> - WTF is a key pair/public key/private key/<... terminology>? - :) This IS a big problem. I may get it, you may get it, how
> does the average Joe user gain that understanding? The nomenclature needs
> to be, well, something that the average Joe user can understand as well.
> They understood SSL (well, for the most part).
> - ... several more similar arguments.
>
> Now, what will help drive this adoption more?
>
> - A better install experience?
> - A "dumbed down" (if you will) taxonomy that they can understand?
> - Simpler UIs? (without sacrificing secure functionality)
> - Better integration with existing systems?
> - Education? i.e. ongoing information dissemination that educates
> people on these things. Newsletters? How tos? Youtube videos (shudder)? And
> others.
> - Start hitting them on the head with a baseball bat? :)
>
I've actually started talking to my family a lot about using it and getting
my parents to use GNUPG. I think the biggest problem is "too many paths"
to accomplish what is needed. There's so much software and so many
recommendations that you, as an expert explaining to your friends, need to
show them a single path and say, "This is how it is done."
I've written a document for my family and regularly link it on facebook
encouraging friends and family to use it. Warning to PGP experts, the
terminology is dumbed down and the concepts are filtered so not everything
is technically correct but explained in a way that the user can
understand. Also, it's a few pages of text and mostly screen shots. I
tried making it fun somewhat so bear with the imagery.
http://www.pages.drexel.edu/~sag47/privacy_for_everyone.pdf
SAM
From rjh at sixdemonbag.org Wed Apr 9 19:58:40 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Apr 2014 13:58:40 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID: <53458A50.2050906@sixdemonbag.org>
> The "secure communications" paradigm of course spans a whole spectrum
> from "I don't give a ****" to "I'll do anything to protect my
> communications, including giving away my first born". I suspect the
> "average Joe user" in 2014 is slightly above the former, but way below
> the latter. Without going to the other end of the spectrum, what will
> make adoption of secure communications a bit more palatable to the
> "average Joe user"?
Every year or so this subject comes up, and my answers are unchanged
from last time: start by reading up on academic papers studying this
exact problem. For a while John Clizbe and I kept a list of good
papers, but I have to confess I haven't been keeping up on the latest
literature. Still, our last list is pretty good reading.
(These selections come from both John and me, but John is the one who
assembled them into proper cite format -- thanks, John. For the
original message, see "Re: what is killing PKI?" on this mailing list,
posted on 24 Aug 2012.)
=====
Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
and Miller, R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
Symposium, Washington, DC, August 1999. http://bit.ly/OaEeTD
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can't Encrypt: Evaluating the Usability of
Email Encryption Software. Poster session, 2006 Symposium On Usable
Privacy and Security, Pittsburgh, PA, July 2006.
http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
From kappu at hotmail.com Wed Apr 9 20:07:49 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Wed, 9 Apr 2014 14:07:49 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <53458A50.2050906@sixdemonbag.org>
References:
<53458A50.2050906@sixdemonbag.org>
Message-ID:
I have. I was hoping there has been at least a small rise in user perception
about secure communications and newer software platforms/delivery channels
that are beneficial.
-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Robert
J. Hansen
Sent: Wednesday, April 09, 2014 1:59 PM
To: gnupg-users at gnupg.org
Subject: Re: It's 2014. Are we there yet?
> The "secure communications" paradigm of course spans a whole spectrum
> from "I don't give a ****" to "I'll do anything to protect my
> communications, including giving away my first born". I suspect the
> "average Joe user" in 2014 is slightly above the former, but way below
> the latter. Without going to the other end of the spectrum, what will
> make adoption of secure communications a bit more palatable to the
> "average Joe user"?
Every year or so this subject comes up, and my answers are unchanged from
last time: start by reading up on academic papers studying this exact
problem. For a while John Clizbe and I kept a list of good papers, but I
have to confess I haven't been keeping up on the latest literature. Still,
our last list is pretty good reading.
(These selections come from both John and me, but John is the one who
assembled them into proper cite format -- thanks, John. For the original
message, see "Re: what is killing PKI?" on this mailing list, posted on 24
Aug 2012.)
=====
Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds.
CHI '06. ACM, New York, NY, 591-600.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E., and Miller,
R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium,
Washington, DC, August 1999. http://bit.ly/OaEeTD
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can't Encrypt: Evaluating the Usability of Email
Encryption Software. Poster session, 2006 Symposium On Usable Privacy and
Security, Pittsburgh, PA, July 2006.
http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
From cwal989 at comcast.net Wed Apr 9 20:35:14 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Wed, 09 Apr 2014 14:35:14 -0400
Subject: Heartbleed attack on Openssl / Pertinent? I say yes.
In-Reply-To: <53458C9E.9000808@sixdemonbag.org>
References:
<53457A88.6050804@sixdemonbag.org> <53458B70.2060800@comcast.net>
<53458C9E.9000808@sixdemonbag.org>
Message-ID: <534592E2.9040600@comcast.net>
On 4/9/2014 2:08 PM, Robert J. Hansen wrote:
>> safe. How would you protect your home and valuables then? That is the
>> type of problem that Heartbleed is, and it IMO needs to be posted
>> EVERYWHERE, so that people can at least try to protect themselves.
>
> Please re-read my message. I never told him to post elsewhere or that
> it was off-topic for this list. I simply told him where he might get
> better answers. If I was still teaching at the university and a student
> came by looking for help with calculus homework, my first response would
> be, "Well, you're in the Computer Science department; the Math
> department is at the other end of this hallway."
>
> And my second response would be, "But maybe I can help you: let's see."
>
> :)
Believe it or not, I did read your message. I did not mean to accuse you of
telling him to post elsewhere or that it was off-topic for the list. I am
sorry if you got that impression. I just feel the issue is very important,
and needs to be "shouted from the roof tops", as the saying goes.
Again, my message was nothing personal against you. I just thought I'd provide
more information on the bug.
My message has not shown up on the list, yet. Is the list moderated, or is it
just an issue of a reply to a message showing up before the actual message does?
From cwal989 at comcast.net Wed Apr 9 20:35:36 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Wed, 09 Apr 2014 14:35:36 -0400
Subject: Heartbleed attack on Openssl / Pertinent? I say yes.
In-Reply-To: <53457A88.6050804@sixdemonbag.org>
References:
<53457A88.6050804@sixdemonbag.org>
Message-ID: <534592F8.3090206@comcast.net>
On 4/9/2014 12:51 PM, Robert J. Hansen wrote:
>> Dear GNUPG community,
>
> That right there should be your first hint. :)
>
> This is a great email list to get informed opinions on GnuPG and the
> OpenPGP RFCs, but this may not be a great place to get informed
> commentary on OpenSSL. It's a completely different software package run
> by a completely different outfit.
>
> You may get better answers if you ask on the OpenSSL mailing lists. :)
You're right in the respect that this list is only for GnuPG and OpenPGP RFC
support.
However, the Heartbleed vulnerability is such a pervasive Internet security
issue that everyone needs to be made aware of it, so that they may become
educated on it. In my experience, the majority of Internet users take for
granted that their Internet banking, shopping, and all other "secure" uses of
the Internet are, in fact, truly *secure*. This vulnerability affects the
entire SSL of the Internet (since the majority of clients and servers use
OpenSSL) - that makes every site vulnerable to spoofing, and everyone who uses
the Internet for any secure transactions vulnerable to identity theft.
This bug *should* have been reported across the whole Internet when it was
discovered about 2 years ago, but even now, no one wants to talk or hear about
it anywhere.
Imagine if ALL companies that produce locks, safes, and provide home security
had a security problem that would allow anyone who knew about the problem to
anonymously get keys (or even master keys) to any lock, and to override any
home security system, and get the combination to any safe. How would you
protect your home and valuables then? That is the type of problem that
Heartbleed is, and it IMO needs to be posted EVERYWHERE, so that people can at
least try to protect themselves.
Regards,
Chris
From sam.mxracer at gmail.com Wed Apr 9 21:37:05 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Wed, 9 Apr 2014 15:37:05 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <53459E1B.60002@fifthhorseman.net>
References:
<53459E1B.60002@fifthhorseman.net>
Message-ID:
On Wed, Apr 9, 2014 at 3:23 PM, Daniel Kahn Gillmor
wrote:
> Hi Sam--
>
> [offlist for now, see why below]
>
> On 04/09/2014 01:29 PM, Sam Gleske wrote:
> > I've written a document for my family and regularly link it on facebook
> > encouraging friends and family to use it. Warning to PGP experts, the
> > terminology is dumbed down and the concepts are filtered so not
> everything
> > is technically correct but explained in a way that the user can
> > understand. Also, it's a few pages of text and mostly screen shots. I
> > tried making it fun somewhat so bear with the imagery.
> >
> > http://www.pages.drexel.edu/~sag47/privacy_for_everyone.pdf
>
> I'm really glad to see popularization of these tools. thank you for
> writing this up. i also really like your tinfoil hat photograph :) But...
>
> i read your disclaimer above, but the document (sha1sum
> 6dac22e5fa1095638149a537d6a3b641ad2dd551) has dangerously misleading
> directions. I strongly recommend you take it down for now while we
> figure out what to do about it.
>
> I haven't reviewed the whole document yet, but page 15 is particularly
> troubling. the problem is that you describe the concept of key
> validity, but associate it with key ownertrust.
>
> key validity is "does this key belong to a person whose name and e-mail
> are indicated in the User ID?"
>
> key ownertrust is "am i willing to rely on identity certifications made
> by the holder of this key?"
>
> These are entirely separate questions. I may know for sure that my
> boss's key belongs to my boss, but i don't want her to be able to create
> a new key that appears to belong to my husband, certify it, and send me
> mail that would then appear to come from my husband. Even worse, i
> wouldn't want my mail to my husband to be encrypted to this bogus key,
> because my boss could then read the contents of the mail.
>
> There are other problems with the text, including (from a quick skim,
> not exhaustive, ordered from trivial to security-critical):
>
> * page 17 is far too much information about a useless-at-best feature
> (see [0])
>
> * the document recommends the use of pgp.mit.edu instead of the
> standard pool.sks-keyservers.net
>
> * the document discourages the creation of revocation certificates
>
> * page 11 seems to assume that "asking their key ID" is sufficient to
> verify identity, though this is distinctly not the case [1]. this is
> seriously insecure. I can send you a new OpenPGP key whose private half
> i control, but with your user ID and your keyID later if you need
> convincing. :/
>
> I recommend you read the riseup/debian OpenPGP best practices document
> [2] and the GnuPG DETAILS document and consider trying to align your
> document with the information and recommendations in those materials.
>
> I've left this message offlist for now, because i'm hoping you'll follow
> up on the message publicly and make it clear what your plan is with this
> document; If you'd like, either you or i can post these concerns
> publicly, and we can have the discussion on-list. But i think a quick
> note from you asking people not to rely on the current draft of that
> document while you revise it for clarity and correctness would be great.
>
> let me know what you think. sorry to send you a lengthy critique, and i
> hope it doesn't discourage you from continuing to spread the word about
> encryption. It's just important to avoid making recommendations that
> give people a sense of security that turns out to leave them vulnerable
> in hidden ways.
>
> All the best,
>
> --dkg
>
> [0] https://www.debian-administration.org/users/dkg/weblog/98
> [1] https://www.debian-administration.org/users/dkg/weblog/105
> [2] https://we.riseup.net/debian/openpgp-best-practices
>
>
I agree with your concerns. In reality I only started using GPG a few
weeks ago which would explain my amateurish approach I suppose. There is a
source document written in openoffice...
http://www.pages.drexel.edu/~sag47/privacy_for_everyone.odt
Also, I have created sha1 files... just append *.sha1 to the file name e.g.
http://www.pages.drexel.edu/~sag47/privacy_for_everyone.odt.sha1
For now I have removed the PDF since I have widely distributed the link to
the PDF so that people don't download it and receive misinformation.
The odt file remains. I'm open to editing the document for clarity and
fact checking. Once an acceptable revised copy is well received on the
list then I'll recreate a PDF and upload it again.
SAM
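To make the validity/ownertrust distinction in dkg's critique concrete, here is an added example (not GnuPG's own code and not part of the thread) of the classic trust-model computation in Python, using GnuPG's default thresholds (--marginals-needed 3, --completes-needed 1, --max-cert-depth 5) and the boss/husband situation from the quoted message. The key IDs, addresses, `Key`, `compute_validity`, `keys_for_uid` and `dkg_scenario` are all constructed here for illustration.

```python
from dataclasses import dataclass, field

# Ownertrust answers "do I rely on certifications made by the holder of this
# key?"  Validity answers "does this key belong to the person named in its
# User ID?"  The model keeps them apart the way GnuPG's classic trust model
# does.  Example code, not GnuPG's implementation; defaults are GnuPG's.

OWNERTRUST_LEVELS = ("unknown", "never", "marginal", "full", "ultimate")


@dataclass
class Key:
    keyid: str
    uid: str
    ownertrust: str = "unknown"
    # keyids whose holders certified (signed) this key's User ID
    certified_by: set = field(default_factory=set)


def compute_validity(keys, marginals_needed=3, completes_needed=1, max_depth=5):
    """Return {keyid: 'unknown' | 'marginal' | 'full'}.

    A certification counts only if the certifying key is itself fully valid
    (we know who holds it) AND carries ownertrust (we rely on that holder's
    judgement).  A key being valid never, by itself, makes its own
    certifications count; that is the distinction the thread is about."""
    for k in keys.values():
        if k.ownertrust not in OWNERTRUST_LEVELS:
            raise ValueError("bad ownertrust %r on %s" % (k.ownertrust, k.keyid))
    validity = {kid: "unknown" for kid in keys}
    # Our own keys carry ultimate ownertrust and are valid by definition.
    for kid, k in keys.items():
        if k.ownertrust == "ultimate":
            validity[kid] = "full"
    for _depth in range(max_depth):
        changed = False
        for kid, k in keys.items():
            if validity[kid] == "full":
                continue
            completes = marginals = 0
            for signer in k.certified_by:
                if signer not in keys or validity[signer] != "full":
                    continue            # certifier unknown or not yet valid
                trust = keys[signer].ownertrust
                if trust in ("full", "ultimate"):
                    completes += 1
                elif trust == "marginal":
                    marginals += 1
                # "unknown" and "never" contribute nothing
            if completes >= completes_needed or marginals >= marginals_needed:
                validity[kid] = "full"
                changed = True
            elif marginals > 0 and validity[kid] == "unknown":
                validity[kid] = "marginal"
                changed = True
        if not changed:
            break
    return validity


def keys_for_uid(keys, validity, uid):
    """Keys that would be considered usable when encrypting to this address."""
    return sorted(kid for kid, k in keys.items()
                  if k.uid == uid and validity[kid] == "full")


def dkg_scenario(boss_ownertrust="unknown"):
    """The situation from the thread, with constructed key IDs and addresses."""
    me = Key("0x1111AAAA", "me@example.org", ownertrust="ultimate")
    boss = Key("0x2222B055", "boss@example.org", ownertrust=boss_ownertrust,
               certified_by={me.keyid})          # I checked her fingerprint
    husband = Key("0x3333C0DE", "husband@example.org",
                  certified_by={me.keyid})       # I checked his fingerprint
    bogus = Key("0x4444BAD0", "husband@example.org",
                certified_by={boss.keyid})       # same UID, made and certified by the boss
    return {k.keyid: k for k in (me, boss, husband, bogus)}


if __name__ == "__main__":
    for ot in ("unknown", "never", "marginal", "full"):
        keys = dkg_scenario(ot)
        v = compute_validity(keys)
        print("boss ownertrust=%-8s bogus key validity=%-8s encrypt to husband -> %s"
              % (ot, v["0x4444BAD0"], keys_for_uid(keys, v, "husband@example.org")))
```

With the boss's ownertrust left at unknown (or set to never), her key is fully valid, because I certified it, yet the bogus key she certified stays at unknown validity and only the real key is usable for husband@example.org. At marginal the bogus key reaches only marginal validity, which gpg does not treat as usable without an explicit override. Only at full ownertrust does the bogus key become fully valid and join the list, which is exactly the outcome that conflating the two concepts on page 15 of the document would lead a reader into.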
From fmv1992 at gmail.com Wed Apr 9 23:48:57 2014
From: fmv1992 at gmail.com (Felipe Vieira)
Date: Wed, 9 Apr 2014 18:48:57 -0300
Subject: Heartbleed attack on Openssl
Message-ID:
So going back to the original question as I can see there is no
disagreement on its importance:
*1) What are the consequences to the ordinary user? *
All the news are lacking information on that. Can you point relevant
examples?
All I could gather is that the only major/well known server to be
compromised was Yahoo.
For example: Gmail and Dropbox and Hotmail seem to be immune to this. I also
found out that Mozilla/Firefox browser were also immune. If I would persuade
someone of this bug's importance, which other examples could I give?
2) (specific question) Does Firefox use openssl to connect to some servers
while browsing?
3) How about Ubuntu and other OSs? Do they use openssl to update
themselves? (as in "apt-get update && apt-get upgrade").
Be as clear and basic as possible. In the context of "It's 2014. Are we
there yet?" thread, I would like more shocking/tangible examples to suggest
friends to start thinking of cryptography (and then we are back to gnupg).
Thanks again.
From pete at heypete.com Thu Apr 10 00:45:55 2014
From: pete at heypete.com (Pete Stephenson)
Date: Thu, 10 Apr 2014 00:45:55 +0200
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID:
On Apr 10, 2014 12:22 AM, "Felipe Vieira" wrote:
>
> So going back to the original question as I can see there is no
disagreement on its importance:
> 1) What are the consequences to the ordinary user?
> All the news are lacking information on that. Can you point relevant
examples?
Any service using a vulnerable version of OpenSSL in the last two years
could have been silently attacked, with the attackers being able to gain
access to information stored in the server's memory.
The attacker might get memory containing empty sections, boring system
files, secret cryptographic keys (the compromise of which could, in some
cases, lead to user data being decrypted or a MITM being possible with no
warnings), user data, etc.
It's not clear if any bad guys knew about the bug prior to the announcement.
If they didn't and one patched any affected servers as soon as possible,
then the effects would be quite minimal. If they did know and exploited
things, or if one has not yet patched vulnerable systems, things could be
very bad.
In short: the consequences could be dire but there is no way of knowing for
certain what, if any, things have been compromised. It's probably best to
assume the worst.
> All I could gather is that the only major/well known server to be
compromised was Yahoo.
Yahoo fixed the issue shortly after the public announcement of the bug. It
is not clear if bad guys were able to compromise their systems before it
was fixed, but researchers were able to successfully probe various systems
at Yahoo prior to the fix, so one should assume bad guys could do the same.
> For example: Gmail and Dropbox and Hotmail seem to be immune to this. I
also found out that Mozilla/Firefox browser were also immune. If I would
persuade someone of this bug's importance, which other examples could I
give?
No service using an affected version of OpenSSL is immune. Some (like
Cloudflare) received advanced notice and patched their systems before the
public announcement, while others may have used other SSL libraries or
versions of OpenSSL that were not vulnerable.
> 2) (specific question) Does Firefox use openssl to connect to some
servers while browsing?
No. Firefox is immune because it uses the NSS Crypto library.
The issue typically exists on and affects servers. A server using an
affected version of OpenSSL is vulnerable regardless of what browser
clients use.
> 3) How about Ubuntu and other OSs? Do they use openssl to update
themselves? (as in "apt-get update && apt-get upgrade").
Ubuntu and Debian use GnuPG to sign packages but updates typically take
place over unencrypted connections. The update mechanism is not affected by
this bug.
Cheers!
-Pete
From sam.mxracer at gmail.com Thu Apr 10 01:10:10 2014
From: sam.mxracer at gmail.com (Sam Gleske)
Date: Wed, 9 Apr 2014 19:10:10 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID:
On Wed, Apr 9, 2014 at 6:45 PM, Pete Stephenson wrote:
> On Apr 10, 2014 12:22 AM, "Felipe Vieira" wrote:
> >
> > So going back to the original question as I can see there is no
> disagreement on its importance:
> > 1) What are the consequences to the ordinary user?
> > All the news are lacking information on that. Can you point relevant
> examples?
>
> In short: the consequences could be dire but there is no way of knowing
> for certain what, if any, things have been compromised. It's probably best
> to assume the worst.
>
^ That. Assume the worst because the vulnerability was there for two
years. Not sure who you're having a hard time convincing but send them to
heartbleed.com. The first three paragraphs are for high flying executives
whose "business critical documents" are at risk.
> > For example: Gmail and Dropbox and Hotmail seem to be immune to this. I
> also found out that Mozilla/Firefox browser were also immune. If I would
> persuade someone of this bug's importance, which other examples could I
> give?
>
What type of person are you trying to persuade? If you download any of the
vulnerability test scripts in the wild you'll notice that the 64k output is
truncated and the script simply states "you're vulnerable". Edit that
script so that it dumps the full 64k. While you're at it put that script
in an infinite while loop and dump the output to a file on disk. Then use
Firefox or chrome or whatever browser you want and log in to the service.
When you're done search the file for your credentials. It doesn't matter
what browser you're using.
> > 2) (specific question) Does Firefox use openssl to connect to some
> servers while browsing?
>
> No. Firefox is immune because it uses the NSS Crypto library.
>
I have verified this claim. (Firefox Version: 28.0+build2-0ubuntu0.12.04.1)
$ dpkg -L firefox | while read x;do [ -f "${x}" ] && (if ldd "${x}"
2>/dev/null | grep libssl &>/dev/null;then echo "${x}";fi);done | while
read x;do echo "${x}";ldd "${x}" 2>/dev/null | grep libssl;done
/usr/lib/firefox/components/libmozgnome.so
libssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so
(0x00007ffd9d836000)
/usr/lib/firefox/components/libdbusservice.so
libssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so
(0x00007f778ceda000)
/usr/lib/firefox/libxul.so
libssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so
(0x00007f326e660000)
/usr/lib/firefox/browser/components/libbrowsercomps.so
libssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so
(0x00007fa4537f3000)
/usr/lib/firefox/plugin-container
libssl3.so => /usr/lib/x86_64-linux-gnu/libssl3.so
(0x00007f0807de7000)
$ dpkg -S /usr/lib/x86_64-linux-gnu/libssl3.so
libnss3: /usr/lib/x86_64-linux-gnu/libssl3.so
If it was openssl then it would be linked to
/lib/x86_64-linux-gnu/libssl.so.1.0.0 which is a part of the libssl1.0.0
package which is a dependency of the openssl package.
> The issue typically exists on and affects servers. A server using an
> affected version of OpenSSL is vulnerable regardless of what browser
> clients use.
>
While it's true Firefox does not link openssl in binaries the vulnerability
allows an attacker to easily hijack sessions, steal usernames and
passwords, and steal the server private key during the SSL negotiation
phase. See my comments above for how you can verify that.
> > 3) How about Ubuntu and other OSs? Do they use openssl to update
> themselves? (as in "apt-get update && apt-get upgrade").
>
> Ubuntu and Debian use GnuPG to sign packages but updates typically take
> place over unencrypted connections. The update mechanism is not affected by
> this bug.
>
True.
$ grep -rH 'http:' /etc/apt/sources.list*
I'm not sure who you're trying to convince, Felipe, but HOPEFULLY you have
already handled this bug by patching and added rules to your intrusion
detection system for packets trying to attack SSL using this method (the
attack packets look very different from normal SSL communication).
Pete, forgive me breaking down your reply but I found it a good exercise in
attempting to verify your claims.
Environment
KUbuntu 12.04.4 LTS
Linux 3.8.0-37-generic x86_64
SAM
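Sam's suggestion of intrusion-detection rules for the attack packets, as an added example that is not code from the post: a Python check over TLS records that flags heartbeat records (content type 24) whose claimed payload length exceeds what the record actually carries, or whose padding is shorter than the 16 bytes RFC 6520 requires. The record layout follows the RFC; the sample byte strings are constructed inline for the check, not captured traffic.

```python
"""Flag malformed TLS heartbeat records (RFC 6520) in a byte stream.

Added example for this thread, not code from the post. The sample records
below are constructed inline; they are not captured traffic.
"""
import struct

TLS_HEARTBEAT = 24      # TLS record content type for heartbeat messages
TLS_APPLICATION = 23    # ordinary application-data records, ignored here
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16        # RFC 6520 requires at least 16 bytes of padding


def parse_records(data):
    """Split a byte stream into (content_type, version, body) TLS records.

    A trailing truncated record is dropped rather than mis-parsed.
    """
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, major, minor, length = struct.unpack("!BBBH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break
        records.append((ctype, (major, minor), body))
        off += 5 + length
    return records


def check_heartbeat(body):
    """Return "ok" or a reason string for one heartbeat record body.

    Body layout: type(1) | payload_length(2) | payload | padding(>=16).
    A receiver must discard the message when payload_length exceeds what
    the record actually carries; that mismatch is the Heartbleed trigger.
    """
    if len(body) < 3:
        return "malformed: heartbeat header too short"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed: unknown heartbeat type %d" % hb_type
    available = len(body) - 3
    if payload_len > available:
        return "suspicious: claims %d payload bytes, record carries %d" % (
            payload_len, available)
    if available - payload_len < MIN_PADDING:
        return "suspicious: padding shorter than %d bytes" % MIN_PADDING
    return "ok"


def scan_stream(data):
    """Return [(record_index, verdict)] for every heartbeat record in data."""
    return [(i, check_heartbeat(body))
            for i, (ctype, _ver, body) in enumerate(parse_records(data))
            if ctype == TLS_HEARTBEAT]


def make_record(ctype, body, version=(3, 2)):
    """Wrap a body in a TLS record header (helper for constructed test data)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


# Constructed sample records: one application-data record, a well-formed
# heartbeat, one that over-claims its payload, and one with short padding.
APP_DATA = make_record(TLS_APPLICATION, b"\xde\xad\xbe\xef")
BENIGN_HB = make_record(TLS_HEARTBEAT,
                        struct.pack("!BH", HB_REQUEST, 4) + b"ping" + b"\x00" * 16)
OVERSIZED_HB = make_record(TLS_HEARTBEAT,
                           struct.pack("!BH", HB_REQUEST, 64) + b"ping" + b"\x00" * 16)
SHORT_PAD_HB = make_record(TLS_HEARTBEAT,
                           struct.pack("!BH", HB_REQUEST, 4) + b"ping" + b"\x00" * 3)

if __name__ == "__main__":
    for idx, verdict in scan_stream(APP_DATA + BENIGN_HB + OVERSIZED_HB + SHORT_PAD_HB):
        print("record %d: %s" % (idx, verdict))
```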
From rjh at sixdemonbag.org Thu Apr 10 01:20:09 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Apr 2014 19:20:09 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <5345D5A9.6080007@sixdemonbag.org>
> 1) What are the consequences to the ordinary user?
None. The ordinary user is such an easy target that as bad as this
attack is, I don't see it as making things any worse.
> All the news are lacking information on that. Can you point relevant
> examples?
Not yet. Give it a few days: news reports will develop, Wikipedia will
be updated, and so on.
> 2) (specific question) Does Firefox use openssl to connect to some
> servers while browsing?
https://www.google.com/search?q=does+firefox+use+openssl
No, it does not. Nor does Chrome.
> 3) How about Ubuntu and other OSs? Do they use openssl to update
> themselves? (as in "apt-get update && apt-get upgrade").
Usually not. Repositories are normally accessed via HTTP, not HTTPS.
From sam.kuper at uclmail.net Thu Apr 10 00:36:25 2014
From: sam.kuper at uclmail.net (Sam Kuper)
Date: Wed, 9 Apr 2014 23:36:25 +0100
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID:
On 09/04/2014, Kapil Aggarwal wrote:
> Now, what will help drive this adoption more?
>
> All thoughts are very much welcome and appreciated.
One possible answer: https://www.mailpile.is/faq/
I haven't tried it myself, btw.
From dkg at fifthhorseman.net Thu Apr 10 01:34:44 2014
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 09 Apr 2014 19:34:44 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To: <5345D5A9.6080007@sixdemonbag.org>
References:
<5345D5A9.6080007@sixdemonbag.org>
Message-ID: <5345D914.7020502@fifthhorseman.net>
On 04/09/2014 07:20 PM, Robert J. Hansen wrote:
> No, it does not. Nor does Chrome.
Chromium (from which chrome is based) actually embeds a copy of openssl,
but doesn't use it for its TLS implementation, which is where the bug
would be triggered. (i'm not sure why they do this embedding actually,
i haven't reviewed it).
>> 3) How about Ubuntu and other OSs? Do they use openssl to update
>> themselves? (as in "apt-get update && apt-get upgrade").
>
> Usually not. Repositories are normally accessed via HTTP, not HTTPS.
even if they were accessed via https, this bug wouldn't have caused any
problem greater than a malicious attacker on the network being able to
see what packages you were downloading, and/or making you fetch an older
version of the repo you're looking at (or giving you "this repository
can't be authenticated" warnings). This is the same situation you're in
when you download via HTTP, though, so it's not a big deal in this context.
Your software updates for apt and yum are secured by OpenPGP signatures
over the archives themselves, which are made (for responsible
repositories anyway) via secret keys that aren't exposed to the web
servers that host the archives.
--dkg
From one.jsim at gmail.com Thu Apr 10 00:37:52 2014
From: one.jsim at gmail.com (One Jsim)
Date: Wed, 9 Apr 2014 23:37:52 +0100
Subject: PGP/GPG does not work easily with web-mail.
Message-ID:
PGP/GPG does not work easily with web-mail.
Most email, today, is read and written using the browser
POP or IMAP mail is a rarity
That is the problem
Some text/link on this problem?
José Simões
From rjh at sixdemonbag.org Thu Apr 10 01:42:24 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Apr 2014 19:42:24 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To: <5345D914.7020502@fifthhorseman.net>
References:
<5345D5A9.6080007@sixdemonbag.org> <5345D914.7020502@fifthhorseman.net>
Message-ID: <5345DAE0.3050901@sixdemonbag.org>
> Chromium (from which chrome is based) actually embeds a copy of openssl,
> but doesn't use it for its TLS implementation, which is where the bug
> would be triggered. (i'm not sure why they do this embedding actually,
> i haven't reviewed it).
I have heard that Chrome is migrating to OpenSSL instead of Mozilla's
NSS libraries; it's possible Chromium is a testbed. Speculation on my
part, though.
From fmv1992 at gmail.com Thu Apr 10 01:53:28 2014
From: fmv1992 at gmail.com (Felipe Vieira)
Date: Wed, 9 Apr 2014 20:53:28 -0300
Subject: Heartbleed attack on Openssl
Message-ID:
Thanks everyone for the quick and complete feedback. New questions arose:
1) Firefox uses NSS instead of OpenSSL. Still it can communicate with a
OpenSSL based server (say X) and thus the browser's type is irrelevant. The
communication between browser and X could be eavesdropped. Is that correct?
2) If the first answer is yes, only the X service credentials/data could be
stolen or does that compromise the whole browser session (e.g.:
communication browser - service Y and browser - service Z)?
From ekleog at gmail.com Thu Apr 10 01:57:38 2014
From: ekleog at gmail.com (Leo Gaspard)
Date: Thu, 10 Apr 2014 01:57:38 +0200
Subject: PGP/GPG does not work easily with web-mail.
In-Reply-To:
References:
Message-ID: <20140409235738.GA28111@leortable>
On Wed, Apr 09, 2014 at 11:37:52PM +0100, One Jsim wrote:
> PGP/GPG does not work easily with web-mail.
>
> Most email, today, is read and written using the browser
>
> POP or IMAP mail is a rarity
>
> That is the problem
>
> Some text/link on this problem?
>
> José Simões
Well... I started to write a firefox addon, but never had enough time to finish
it. Perhaps later. If anyone wishes to get what I've done (that is, a js-ctype
binding of gpgme, along with tests AFAICR), I can try to locate the source code!
However, a major issue remains the encryption of HTML documents, which is,
AFAICT, not possible today (well, not automatically at least, as of course gpg
can be used to sign html files); and besides not obviously secure: what about
white-on-white text and such? I don't doubt there are fixes for such, and most
isn't even an issue; I just remember enigmail forbids it, so I guess there are
reasons.
Sorry for not helping you more,
Leo
From timprepscius at gmail.com Thu Apr 10 04:40:01 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Wed, 9 Apr 2014 22:40:01 -0400
Subject: request for pgp encrypted messages for testing
Message-ID:
Hey there,
As I've said before, I'm working on a PGP based web mail program.
https://github.com/timprepscius/mv
The whole thing is GPL-Affero. Copy, steal, add, reduce, as you wish.
Demonstration is here (which is often killed/reset/etc/so...):
http://pmx.mooo.com/
And some screenshots:
http://tinypic.com/r/2ljmj9i/8
http://tinypic.com/r/4vp7hu/8
Also, if anyone is interested in what the db looks like (without
actually setting it up for yourself)
http://pmx.mooo.com/mv/util/Dump
-----
At this point I'm at 100% for testing signatures of messages (both
inline and pgp-mime). (Prob actually 95% but not enough test cases
yet.)
I need more messages testing encryption. I have found a few bugs in
openpgpjs concerning mime signing, and am dubious that it will
function perfectly with pgp-encryption.
If anyone here would like to help, please send an encrypted message to:
g at pmx.mooo.com
g's public key is here:
http://pastebin.com/raw.php?i=RAi8cfjC
If you would like your message to be placed in a public repository of
these messages, please include that in the encrypted block.
Please send whatever you'd like, html/text/attachment/etc.
My email address is timprepscius at gmail.com. You can let me know
through the gmail if mooo does not go through (I'm using postfix
default settings)
Thank you to those who have already helped, and thank you all for your
time previously (with regard to the mime signing issues)
-tim
From rjh at sixdemonbag.org Thu Apr 10 05:13:56 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 09 Apr 2014 23:13:56 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <53460C74.2000208@sixdemonbag.org>
> Thanks everyone for the quick and complete feedback. New questions arose:
Again, you will have better luck asking on an OpenSSL mailing list.
There is no guarantee that anyone on this mailing list is an expert in
OpenSSL.
> The communication between browser and X could be eavesdropped. Is that
> correct?
Someone else could connect to X and use Heartbleed to scan the contents
of X's memory. Anything sent to X could be considered compromisable for
so long as it's stored in X's RAM.
From akwala at gmail.com Thu Apr 10 04:16:44 2014
From: akwala at gmail.com (a k'wala)
Date: Wed, 9 Apr 2014 22:16:44 -0400
Subject: PGP/GPG does not work easily with web-mail.
Message-ID:
You may want to look at these:
- http://www.mailvelope.com/
-
https://chrome.google.com/webstore/detail/mymail-crypt-for-gmail/jcaobjhdnlpmopmjhijplpjhlplfkhba/details
- https://www.penango.com/products
Some info about the above:
http://www.makeuseof.com/tag/encrypt-your-gmail-hotmail-and-other-webmail-heres-how/
Also, this is a promising project: https://www.mailpile.is/
--aslamK
http://gplus.to/akwala
PGP key (id: FECF84FB) fingerprint: 736C D83E
32DB A2FD 0208 9113 0FC8 BA7D FECF 84FB
On Wed, Apr 9, 2014 at 6:37 PM, One Jsim wrote:
> PGP/GPG does not work easily with web-mail.
>
> Most email, today, is read and written using the browser
>
> POP or IMAP mail is a rarity
>
> That is the problem
>
> Some text/link on this problem?
>
> José Simões
From laurent.jumet at skynet.be Thu Apr 10 06:06:33 2014
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Thu, 10 Apr 2014 06:06:33 +0200
Subject: Heartbleed attack on Openssl
In-Reply-To: <5345D5A9.6080007@sixdemonbag.org>
Message-ID:
Hello Robert !
"Robert J. Hansen" wrote:
>> 1) What are the consequences to the ordinary user?
> None. The ordinary user is such an easy target that as bad as this
> attack is, I don't see it as making things any worse.
Does it make sense to disable SSL in my browser for a couple of weeks?
HTTPS is linked with TLS v1.2 128 bit ARC4 (2048 bit RSA/SHA) instead.
--
Laurent Jumet
KeyID: 0xCFAF704C
From dougb at dougbarton.us Thu Apr 10 06:22:19 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 09 Apr 2014 21:22:19 -0700
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <53461C7B.4070205@dougbarton.us>
On 4/9/2014 9:06 PM, Laurent Jumet wrote:
> Does it make sense to disable SSL in my browser for a couple of weeks?
No, but for my own curiosity what is your thought process that leads you
to ask that question?
Doug
From rjh at sixdemonbag.org Thu Apr 10 06:35:52 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 10 Apr 2014 00:35:52 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To:
References:
Message-ID: <53461FA8.3050808@sixdemonbag.org>
On 4/10/2014 12:06 AM, Laurent Jumet wrote:
> Does it make sense to disable SSL in my browser for a couple of weeks?
> HTTPS is linked with TLS v1.2 128 bit ARC4 (2048 bit RSA/SHA) instead.
I am flattered that you think I am a mind reader, but I assure you, I am
not able to use the Heartbleed attack to pull important information out
of your frontal cortex -- like what operating system you're using, what
browser you're using, and so on and so on.
At any rate, these are questions for your browser vendor.
From timprepscius at gmail.com Thu Apr 10 07:40:56 2014
From: timprepscius at gmail.com (Tim Prepscius)
Date: Thu, 10 Apr 2014 01:40:56 -0400
Subject: PGP/GPG does not work easily with web-mail
Message-ID:
PGP actually does work well with web mail.
There are two libraries which do pgp encryption, there are 3 that I
know which do AES-SHA256-CBC-PKCS7. There are at least two libraries
which do PBKDF2 with SHA-256.
There is also one library which does AES-SHA256-GCM, but I'm not sure
if it does pkcs7 or not. (or whether padding is incorporated into
GCM, need to research).
Looking up keys on a pgp key server is trivial, registering a key is
also trivial.
---
However there are some legitimate concerns. The most important to my
mind are javascript injection attacks.
For instance, let's say the NSA takes over your web-mail server. You
think, "well my users' data is fine, because all of the encryption is
happening client side, I never see any of the keys, etc."
However the NSA could *force* you to place code inside your server
which tells the client to send the keys to you randomly.
This would be difficult (not impossible) to detect, and when executed
*once* would completely destroy the privacy of the target machine
forever.
Generally these days, (at least the conversations I've been reading),
people are talking about making "plugins" out of the client side code
and protecting them through the app store. So, I download the app for
the client, I check its signature. It *NEVER* downloads code again.
I think there are some other solutions to this problem, which I could
babble about, but won't right here.
However, there are still attacks. For instance, I'm the NSA, I've
spent the hours necessary reading through your code to know that if I
write you an email with SO-and-SO pattern, when you display that
e-mail my script will be run. That script then would destroy the
privacy. This is a very hard attack to guard against.
---
In my webmail I'm developing (I wrote one previously using GWT which
was too complicated, too difficult to maintain and enhance, this one
is much simpler). My goals are three fold:
1. raise the cost of the NSA exponentially. I want them to have to
spend considerable time for each target, instead of just "hey Google,
give me these 20,000 peoples' email."
2. re-normalize the idea of privacy. Google has pretty much destroyed
privacy. And they are trying to destroy anonymity as well. I believe
it is important to have by this year's end at least 10 services
running which re-normalize privacy in e-mail. Each service hopefully
will castigate Google and call them for what they are.
3. give "good" security. Nothing will protect you if you are
*actually* some terrorist or something, but it would be nice if we
weren't being big-brothered *all* of the time.
---
I encourage you to look at those others people referenced. Also, if
you care to, take a look at mine as well.
https://github.com/timprepscius/mv
If you need any help setting up a server, let me know. If you are
versed in sys-admin, it should take 5 minutes to get a VM running, or
use something like DigitalOcean.
The benefits of my server, (I think), is that you should be able to
change how it looks and feels without changing any of the fundamental
code. Meaning you can change the html templates and css and what not,
and it will still function correctly. It uses Backbone, so the
rendering is clearly separated from the code/models.
Anyhowz,
If you are looking for perfect security, web mail is not the way to go.
Hopefully a plugin will be able to provide near-ish the same security
that a standalone program with no javascript interpreter might.
But that doesn't mean that PGP WebMail won't be a billion-million
times better than gmail. (can't wait to leave it! so close, soon
soon)
Good night,
-tim
From gnupg at lists.grepular.com Thu Apr 10 10:42:35 2014
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Thu, 10 Apr 2014 09:42:35 +0100
Subject: PGP/GPG does not work easily with web-mail.
In-Reply-To:
References:
Message-ID: <20140410084235.GA24985@glue.grepular.com>
* on the Wed, Apr 09, 2014 at 11:37:52PM +0100, One Jsim wrote:
> PGP/GPG does not work easily with web-mail.
Roundcube plus the PGP plugin:
http://roundcube.net/
https://github.com/qnrq/rc_openpgpjs
The way it works is pretty cool. You paste your private PGP key into
a form, and it doesn't get submitted to the server, it just gets stored
in the browser's localStorage using JavaScript. So all PGP operations
are done locally in the browser, rather than sending the key off to the
server to do it server side. It's based on openpgp.js, which is basically
a free javascript library for doing OpenPGP:
http://openpgpjs.org/
The only problem is (and it's a big one), you have to trust the
JavaScript that the server sends. The server could always send some
evil JavaScript to you which reads the key from the browser storage
and then sends it back to the server or elsewhere. Also, if there are
any XSS flaws, there's another potential way of losing the key.
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
From simoes.two at gmail.com Wed Apr 9 23:08:31 2014
From: simoes.two at gmail.com (Jose Simoes)
Date: Wed, 9 Apr 2014 22:08:31 +0100
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
<53459E1B.60002@fifthhorseman.net>
Message-ID:
PGP/GPG does not work easily with web-mail.
Most email, today, is read and written using the browser
POP or IMAP mail is a rarity
That is the problem
From p.h.delgado at xoxy.net Thu Apr 10 05:04:48 2014
From: p.h.delgado at xoxy.net (p.h.delgado at xoxy.net)
Date: Thu, 10 Apr 2014 03:04:48 +0000
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID: <53460A50.90605@mail.ru>
On 04/09/2014 04:39 PM, Kapil Aggarwal wrote:
...
>
> All thoughts are very much welcome and appreciated.
>
This was put together some time ago for a group of individuals
with a specific use-case. This might not be generally
applicable: it requires a fair bit of understanding of
the fundamentals and it is operated in "command-line-mode".
However, IMHO, it points those intent on implementing
Public-Key-Encryption-for-general-computer-user-population
in the right direction: ditching the whole WebOfTrust
and key co-signing infrastructure in favour of simple,
out-of-channel public key ownership verification.
Comments are welcome.
https://dl.dropboxusercontent.com/u/21922366/gnupg_simple/index.html
delgado
From erik.josefsson at europarl.europa.eu Thu Apr 10 11:24:47 2014
From: erik.josefsson at europarl.europa.eu (JOSEFSSON Erik)
Date: Thu, 10 Apr 2014 09:24:47 +0000
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
<53459E1B.60002@fifthhorseman.net>
,
Message-ID: <4B654B63C9A4614EA1F088B2490E8F3A069AC388@UCEXBWP009.ep.parl.union.eu>
We're trying: https://wiki.debian.org/DebianParl/GreensEFA
Still no IMAP though :-(
//Erik
From nb.linux at xandea.de Thu Apr 10 12:10:04 2014
From: nb.linux at xandea.de (nb.linux)
Date: Thu, 10 Apr 2014 10:10:04 +0000
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
<53459E1B.60002@fifthhorseman.net>
Message-ID: <53466DFC.9080409@xandea.de>
Jose Simoes:
> PGP/GPG does not work easily with web-mail.
>
> Most email, today, is read and written using the browser
>
> POP or IMAP mail is a rarity
>
> That is the problem
You (and others) might be interested in the Tails OpenPGP Applet:
https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/
Tails is The Amnesic Incognito Live System, a hardened Live System with Tor.
I'm not sure, but I think that there are plans to include that into Debian.
From mwood at IUPUI.Edu Thu Apr 10 16:50:06 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Thu, 10 Apr 2014 10:50:06 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID: <20140410145005.GB9865@IUPUI.Edu>
On Wed, Apr 09, 2014 at 12:39:44PM -0400, Kapil Aggarwal wrote:
> Let's list a few arguments:
[snip]
> - WTF is a key pair/public key/private key/ terminology>. - J This IS a big problem. I may get it, you may get it, how
> does the average Joe user gain that understanding? The nomenclature needs to
> be, well, something that the average Joe user can understand as well. They
> understood SSL (well, for the most part).
I think this one is easy. The key pair is a mathematical analog of
the old spy trick (I'm sure it's in the movies somewhere) of tearing a
playing card in two, giving one piece to each of two people who do not
know each other but must be able to recognize one another. No two
cards tear *exactly* the same way. And the math does this *much*
better.
I thought that the tradition of the mizpah coin would serve as well,
but I haven't found a good explanation, just advertising and Biblical
backgrounders. As I recall, someone thought to break a soft metal
coin in two, so that the jagged edges would symbolize a unique
relationship, and somehow related it back to the story of the cairn of
stones that symbolized an agreement with God as witness. Nowadays
they mint the things in two pieces, very stylized, and you buy them
already separated. So maybe this is not so useful here.
Anyway, the point is the same: a random process produces a unique
boundary between two complementary pieces, which the holders can use
to identify each other. A computer does it with mathematics that you
don't have to fully understand, so long as you trust someone who
does. If you need to see it in the physical world, just tear a piece
of paper, or break a cookie in two, and contemplate the result.
There are other things you can do with the jagged edges (so to speak)
of these keys, to scramble and unscramble a message, because the two
pieces are related, in a way too complex to easily guess if you don't
have one of them. Go ahead: pick up a pencil and paper, and try to
predict the EXACT shape of the torn edges of a card without seeing it.
One thing you must understand is that the keys are related
*mathematically*, not physically. *Unlike* the card, knowing one shape
does not automatically give you the other. This is useful: it means
that you have a secret which you don't have to share to prove that you
know it.
After that, it's all just multiplying impossibly huge numbers.
That's dumbed down considerably, but I think it gets the basic idea
across simply.
--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
From kappu at hotmail.com Thu Apr 10 18:23:07 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Thu, 10 Apr 2014 12:23:07 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <20140410145005.GB9865@IUPUI.Edu>
References:
<20140410145005.GB9865@IUPUI.Edu>
Message-ID:
If you gave that explanation to my wife.... :) Her eyes would glaze over
before you finished the first paragraph. Not that I disagree with you and it
is actually a very sane/less complex explanation.
My point is that the average Joe user equates SSL with "web security" for
e.g. Whether this notion is right or wrong, doesn't matter, it's what he/she
believes. They don't understand SSL any better than PGP/GPG etc. yet they
"believe" in it. Somehow the message of "secure communications" needs to be
at the same level of simplicity and pervasiveness.
From rjh at sixdemonbag.org Thu Apr 10 21:33:07 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 10 Apr 2014 12:33:07 -0700
Subject: It's 2014. Are we there yet?
In-Reply-To: <20140410145005.GB9865@IUPUI.Edu>
References:
<20140410145005.GB9865@IUPUI.Edu>
Message-ID: <20140410123307.Horde.w8Lq9cSQxZP_qbXnHihANA1@mail.sixdemonbag.org>
> I think this one is easy. The key pair is a mathematical analog of
> the old spy trick (I'm sure it's in the movies somewhere) of tearing a
> playing card in two, giving one piece to each of two people who do not
> know each other but must be able to recognize one another. No two
> cards tear *exactly* the same way. And the math does this *much*
> better.
I prefer an analogy of a mailbox.
Anyone can drop a letter in my mailbox. You walk up to it, slip the
letter through the mail slot, and you're done. However, only I have
the key to my mailbox: once you've dropped it in my mail slot, you can
no longer read your own message. After all, you don't have the key to
my mailbox. And my mailbox doesn't have to be secret: it's public
knowledge where it is. Anyone can drop a letter through the mail
slot, and it doesn't affect the secrecy of the messages. Knowing how
to leave a message for me doesn't help you read messages that other
people leave for me, but if I lose the keys to my mailbox then I'm in
a lot of trouble.
Most of the people I deal with have used mailboxes and mail slots
before. The analogy seems to work well with them. YMMV, of course. :)
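The torn card and the mailbox are both pictures of the same mathematics. As an added illustration that is not part of either post, here is the "mailbox" written out as textbook RSA in plain Python: anyone holding the public pair (n, e) can drop a letter in the slot, only the holder of the private exponent d can open it, and re-applying the public key to the ciphertext does not give the sender their letter back. The primes, exponent and message are constructed for the example (two well-known Mersenne primes keep the numbers small enough to read); there is no padding, so this shows the arithmetic only, not a usable cipher.

```python
"""Added example (not from the thread): the torn card / mailbox analogies as textbook RSA.

Anyone holding the public key (n, e) can "drop a letter in the slot"; only the holder of
the private exponent d can open it. Textbook RSA without padding, for illustration only.
"""
from math import gcd

# Constructed key material: two well-known Mersenne primes (2^31-1 and 2^61-1), chosen so
# a short message fits in one block. Real keys are thousands of bits, generated randomly.
P = 2 ** 31 - 1
Q = 2 ** 61 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return the public key (n, e) and private key (n, d): the mail slot and the mailbox key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); d is the secret half of the pair
    return (n, e), (n, d)


def encrypt(message, public_key):
    """'Drop a letter in the slot': anyone with (n, e) can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message must be non-empty and smaller than the modulus")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """'Open the mailbox': needs d, which only the key owner holds."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sender_can_read_own_letter(ciphertext, public_key, message):
    """The sender only has (n, e); applying it again does not recover the plaintext."""
    n, e = public_key
    return pow(ciphertext, e, n) == int.from_bytes(message, "big")


def mailbox_demo(message=b"hi there"):
    """Round-trip one constructed message; returns (recovered plaintext, sender_can_read)."""
    public_key, private_key = keygen()
    c = encrypt(message, public_key)
    return decrypt(c, private_key), sender_can_read_own_letter(c, public_key, message)


if __name__ == "__main__":
    print(mailbox_demo())
```

The last point in the mailbox analogy, "if I lose the keys to my mailbox then I'm in a lot of trouble", is the pair (n, d): nothing in the public half lets you reconstruct it, which is exactly why it must be backed up and protected.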
From kappu at hotmail.com Fri Apr 11 02:01:17 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Thu, 10 Apr 2014 20:01:17 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <20140410123307.Horde.w8Lq9cSQxZP_qbXnHihANA1@mail.sixdemonbag.org>
References:
<20140410145005.GB9865@IUPUI.Edu>
<20140410123307.Horde.w8Lq9cSQxZP_qbXnHihANA1@mail.sixdemonbag.org>
Message-ID:
Now, that is something that would go down well with the average Joe user.
Mucho Gracias.
From gnupg at tim.thechases.com Thu Apr 10 23:18:21 2014
From: gnupg at tim.thechases.com (Tim Chase)
Date: Thu, 10 Apr 2014 16:18:21 -0500
Subject: Encrypted file-size approximation with multiple recipients
In-Reply-To: <53422417.7080206@fifthhorseman.net>
References: <20140401200128.46b62b28@bigbox.christie.dr>
<015D1F30-1587-470E-860B-DDFC899BECF3@jabberwocky.com>
<20140402120720.3ac7dcf2@bigbox.christie.dr>
<53422417.7080206@fifthhorseman.net>
Message-ID: <20140410161821.2a04f689@bigbox.christie.dr>
On 2014-04-07 00:05, Daniel Kahn Gillmor wrote:
> It sounds to me like you might be setting up some sort of automated
> encrypted JSON message-passing scheme. If so, you should be aware
> that if any of the encrypted JSON could be controlled by an
> attacker, that attacker could possibly learn information about the
> other parts of the message that are not controlled by them when
> using compression, just by inspecting the size of the traffic.
Thanks for the heads-up. If I understand you (after some further
reading on CRIME attacks), this is only an issue in the event that a
3rd party is injecting content into the requests and then able to
see the resulting encrypted data. In my use-case, the encrypting party
is in control of the entire message (modulo some metadata controlled
by my wrapping app, including nothing from other parties) so such a
CRIME attack would have to be self-inflicted, and yield unsurprising
results because it would reveal message content they already possess.
Thanks,
-Tim
From cwal989 at comcast.net Thu Apr 10 22:33:15 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Thu, 10 Apr 2014 16:33:15 -0400
Subject: Heartbleed attack on Openssl
In-Reply-To: <53460C74.2000208@sixdemonbag.org>
References:
<53460C74.2000208@sixdemonbag.org>
Message-ID: <5347000B.4090508@comcast.net>
On 4/9/2014 11:13 PM, Robert J. Hansen wrote:
>> Thanks everyone for the quick and complete feedback. New questions arose:
>
> Again, you will have better luck asking on an OpenSSL mailing list.
> There is no guarantee that anyone on this mailing list is an expert in
> OpenSSL.
I, for one, admit that I am not an expert on OpenSSL. *IF* I were, I would be
posting on the OpenSSL mailing lists about the bug.
I doubt that ANYONE, including the OpenSSL community and developers, knows just
how seriously this bug has compromised the general security of the Internet, or
what sites were actually (not theoretically could be) compromised. There is
just not enough information to make any definitive statements on that issue,
and there probably never will be given all of the other bugs (known and
unknown) that can compromise a server's security.
As for regular users, from what I've read, there is really no additional risk
to what you face from spyware, keyloggers, other malware and upstream bugs.
That is UNLESS you either use a vulnerable version of OpenSSL with a data
storage / encryption application to store site user names and passwords, credit
/ debit card information, etc., or you run a server on your system that has a
vulnerable version of OpenSSL.
In any case, I have to agree with you, Robert, the best place for information
is the official heartbleed site and the OpenSSL mailing lists.
From JPClizbe at GingerBear.net Fri Apr 11 00:22:09 2014
From: JPClizbe at GingerBear.net (John Clizbe)
Date: Thu, 10 Apr 2014 17:22:09 -0500
Subject: It's 2014. Are we there yet?
In-Reply-To: <53458A50.2050906@sixdemonbag.org>
References:
<53458A50.2050906@sixdemonbag.org>
Message-ID: <53471991.5070508@GingerBear.net>
The send from last night seems to have gone astray.
Robert J. Hansen wrote:
>> The "secure communications" paradigm of course spans a whole spectrum
>> from "I don't give a ****" to "I'll do anything to protect my
>> communications, including giving away my first born". I suspect the
>> "average Joe user" in 2014 is slightly above the former, but way below
>> the latter. Without going to the other end of the spectrum, what will
>> make adoption of secure communications a bit more palatable to the
>> "average Joe user"?
>
> Every year or so this subject comes up, and my answers are unchanged
> from last time: start by reading up on academic papers studying this
> exact problem. For a while John Clizbe and I kept a list of good
> papers, but I have to confess I haven't been keeping up on the latest
> literature. Still, our last list is pretty good reading.
>
> (These selections come from both John and me, but John is the one who
> assembled them into proper cite format -- thanks, John. For the
> original message, see "Re: what is killing PKI?" on this mailing list,
> posted on 24 Aug 2012.)
>
> =====
Oh yeah, THAT thread. There hasn't been much new work that I've seen.
Certainly nothing invalidating any of these.
The list, along with "available from" links:
Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
I would also add
Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
and Miller, R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf
And a perennial favorite:
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can't Encrypt: Evaluating the Usability of
Email Encryption Software. Poster session, 2006 Symposium On Usable
Privacy and Security, Pittsburgh, PA, July 2006.
http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
And its predecessor:
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
Symposium, Washington, DC, August 1999.
http://bit.ly/OaEeTD
> > Everyone on this mailing list has their own pet theory for why PKI
> > adoption is so lousy. All of us are probably wrong. However,
> > published, peer-reviewed studies of PKI adoption and the forces driving
> > and inhibiting them are probably less wrong.
The peer reviewed literature has many, many, references on this topic.
They're a great place to start when assumptions and pet theories take root.
http://scholar.google.com/scholar?q=email+encryption
++++++++++++
2nd msg: Chatting with Kristen [Fiskerstrand], he pointed me to
Usability of Security: A Case Study. Alma Whitten and J. D. Tygar.
Carnegie Mellon University Computer Science technical report CMU-CS-98-155,
December 1998.
Abstract:
http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA361032
'The unmotivated user property' and 'The abstraction property' are
particularly worth noting and keeping in mind.
-John
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
From dan at geer.org Fri Apr 11 04:54:12 2014
From: dan at geer.org (dan at geer.org)
Date: Thu, 10 Apr 2014 22:54:12 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: Your message of "Wed, 09 Apr 2014 23:36:25 BST."
Message-ID: <20140411025412.35F682280F0@palinka.tinho.net>
> One possible answer: https://www.mailpile.is/faq/
* Where does Mailpile store my mail?
With Mailpile, your e-mail is downloaded from the Internet
(via an email server POP3 / IMAP), and stored locally on the
computer where Mailpile is running.
* Then how do I access it when my computer is turned off?
You don't!
Exactly so.
Putting aside, for the moment, outright attacks, the individual or
the enterprise that outsources its e-mail to a third party thereby
creates by itself and for itself the risk of silent subpoenas
delivered to their outsourcer. If, instead, the individual or the
enterprise insources its e-mail then at the very least it knows
when its data assets are being sought because the subpoena comes
to them. Maybe insourcing your e-mail is too much work, but need
I remind anyone that plaintext e-mail cannot be web-bugged, so why
would anyone ever render HTML e-mail at all?
Apologies,
--dan
From nico at josuttis.de Thu Apr 10 18:03:17 2014
From: nico at josuttis.de (Nicolai Josuttis)
Date: Thu, 10 Apr 2014 18:03:17 +0200
Subject: GPG and BCC
Message-ID: <5346C0C5.8050704@josuttis.de>
Recently I was reading
http://crypto.stanford.edu/portia/papers/bb-bcc.pdf
However, I don't know how old this article is and whether we still have
a conceptional or concrete problem using encryption and bcc with GPG.
I also found no answer on this in the FAQ or by "startpaging" (using
startpage.com) the terms.
So:
Can anybody answer/explain whether there is or might be a problem or
risk if using encryption combined with bcc addresses with GPG?
And if so, what should I do/avoid to run into this problem?
I am especially interested in an answer which helps me to understand
WHY there is or might be a/no problem.
In fact:
- Does GPG reveal the number of BCC recipients?
- Does GPG reveal BCC identities (partially)?
If the answer depends on the browser or other components, please tell me.
The reason I ask is because for a UI to be programmed on top of GPG
I want to understand which warnings I should raise or
what I should deny
when users try to send encrypted emails also to bcc receivers.
And if there is a place discussing and answering that please tell me.
I didn't find one.
Thanks a lot.
--
Nico
From p.h.delgado at xoxy.net Fri Apr 11 10:37:10 2014
From: p.h.delgado at xoxy.net (p.h.delgado at xoxy.net)
Date: Fri, 11 Apr 2014 08:37:10 +0000
Subject: GPG and BCC
In-Reply-To: <5346C0C5.8050704@josuttis.de>
References: <5346C0C5.8050704@josuttis.de>
Message-ID: <5347A9B6.8070908@mail.ru>
On 04/10/2014 04:03 PM, Nicolai Josuttis wrote:
> Recently I was reading
> http://crypto.stanford.edu/portia/papers/bb-bcc.pdf
This article is quite misleading.
Encryption process knows nothing about the "bcc" functionality of the
e-mail system (or, indeed, any system) used to transport the generated
cipher-text. Cipher-text does, under normal MO, include the
identification of the keys of all the recipients when the message
is "encrypted for multiple recipients". While this can be circumvented,
such practice introduces additional burden and fragility on the
recipients and the transport system has no way of knowing it.
In short, GPG encrypted messages should never be encrypted to
multiple recipients if it is undesirable that they are able
to learn the identity of all the recipients. From that, every
recipient can learn the public key, and thus the identity, of all
the co-recipients. This would be the case no matter what
transportation system is used to distribute the cipher-text. From
the e-mail system point of view, it would be the same as sending
a message to a list of bcc addresses but include the list of those
addresses in the body of the message itself.
delgado
From nb.linux at xandea.de Fri Apr 11 12:03:20 2014
From: nb.linux at xandea.de (nb.linux)
Date: Fri, 11 Apr 2014 10:03:20 +0000
Subject: GPG and BCC
In-Reply-To: <5347A9B6.8070908@mail.ru>
References: <5346C0C5.8050704@josuttis.de> <5347A9B6.8070908@mail.ru>
Message-ID: <5347BDE8.6020605@xandea.de>
p.h.delgado at xoxy.net:
> On 04/10/2014 04:03 PM, Nicolai Josuttis wrote:
>> Recently I was reading
>> http://crypto.stanford.edu/portia/papers/bb-bcc.pdf
If the addressees aren't bored with that, you could add the
`--throw-keyids' option. For enigmail this would be the
`extensions.enigmail.agentAdditionalParam' key.
This would remove the key IDs from the message. On the other hand, the
receivers will be asked for a passphrase until a matching key (one that
can decrypt the message) is found, for every key they have.
From the man page:
> --throw-keyids
>
> --no-throw-keyids
> Do not put the recipient key IDs into encrypted messages. This
> helps to hide the receivers of the message and is a limited
> countermeasure against traffic analysis. ([Using a little social
> engineering anyone who is able to decrypt the message can check
> whether one of the other recipients is the one he suspects.])
> On the receiving side, it may slow down the decryption process
> because all available secret keys must be tried. --no-throw-
> keyids disables this option. This option is essentially the same
> as using --hidden-recipient for all recipients.
cheers,
--nb.linux
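What delgado and nb.linux describe can be verified on the ciphertext itself: each recipient gets a Public-Key Encrypted Session Key (PKESK) packet (RFC 4880, section 5.1) whose body carries the recipient's 8-byte key ID in the clear, and `--throw-keyids` / `--hidden-recipient` replaces that field with all zeros. `gpg --list-packets` shows the same thing (hidden recipients appear as keyid 0000000000000000). The following is an added example, not part of the thread or of GnuPG: a small stdlib-only reader that walks the packet headers of a binary (not ASCII-armored) OpenPGP message and lists the recipient key IDs, reporting "hidden" for the wildcard ID. The two sample messages are constructed inline, with one PKESK in each header style and a dummy encrypted-data packet after them; partial-body lengths are not handled.

```python
"""Added example (not from the thread or from GnuPG): list the recipient key IDs an OpenPGP
message carries in its PKESK packets (RFC 4880 s.5.1).

This is what every co-recipient, and anyone else holding the ciphertext, can read without
a key. With --throw-keyids / --hidden-recipient the key ID field is all zeros.
Expects binary (not ASCII-armored) input; partial-body lengths are not handled.
"""
import struct

PKESK_TAG = 1
SEIPD_TAG = 18
HIDDEN_KEYID = b"\x00" * 8  # wildcard key ID written for hidden recipients


def read_packet(data, pos):
    """Parse one packet header at data[pos]; return (tag, body, position of next packet)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("byte 0x%02x at offset %d is not a packet header" % (first, pos))
    if first & 0x40:  # new-format header
        tag = first & 0x3F
        b1 = data[pos + 1]
        if b1 < 192:
            length, hdr_len = b1, 2
        elif b1 < 224:
            length, hdr_len = ((b1 - 192) << 8) + data[pos + 2] + 192, 3
        elif b1 == 255:
            length, hdr_len = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
        else:
            raise ValueError("partial body lengths not supported in this example")
    else:  # old-format header
        tag = (first >> 2) & 0x0F
        length_type = first & 0x03
        if length_type == 3:  # indeterminate length: packet runs to end of input
            length, hdr_len = len(data) - pos - 1, 1
        else:
            size = (1, 2, 4)[length_type]
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            hdr_len = 1 + size
    start = pos + hdr_len
    return tag, data[start:start + length], start + length


def recipient_key_ids(message):
    """Return the recipient key IDs (upper-case hex) from every PKESK packet, or 'hidden'."""
    ids = []
    pos = 0
    while pos < len(message):
        tag, body, pos = read_packet(message, pos)
        if tag != PKESK_TAG:
            continue  # session-key packets precede the encrypted data; skip everything else
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        keyid = body[1:9]  # layout: version(1) | key ID(8) | pk algorithm(1) | MPIs
        ids.append("hidden" if keyid == HIDDEN_KEYID else keyid.hex().upper())
    return ids


def _pkesk(keyid, new_format):
    """Constructed PKESK packet: v3, given key ID, algorithm 1 (RSA), one dummy 16-bit MPI."""
    body = b"\x03" + keyid + b"\x01" + b"\x00\x10\xab\xcd"
    if new_format:
        return bytes([0xC0 | PKESK_TAG, len(body)]) + body
    return bytes([0x80 | (PKESK_TAG << 2), len(body)]) + body  # old format, 1-octet length


# Constructed sample messages: two PKESK packets (one per recipient, one in each header
# style) followed by a dummy SEIPD packet standing in for the encrypted body.
_DUMMY_SEIPD = bytes([0xC0 | SEIPD_TAG, 4]) + b"\x01\xde\xad\xbe"
SAMPLE_VISIBLE = (_pkesk(bytes.fromhex("0123456789ABCDEF"), True)
                  + _pkesk(bytes.fromhex("FEDCBA9876543210"), False) + _DUMMY_SEIPD)
SAMPLE_HIDDEN = _pkesk(HIDDEN_KEYID, True) + _pkesk(HIDDEN_KEYID, False) + _DUMMY_SEIPD

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_VISIBLE
    print(recipient_key_ids(data))
```

For a UI such as the one Nicolai asks about, the count of PKESK packets is what reveals the number of recipients even when the IDs are hidden, which is the residual leak the man page text above alludes to.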
From cspitzer at godaddy.com Fri Apr 11 17:31:45 2014
From: cspitzer at godaddy.com (Charles Spitzer)
Date: Fri, 11 Apr 2014 15:31:45 +0000
Subject: It's 2014. Are we there yet?
In-Reply-To: <20140411025412.35F682280F0@palinka.tinho.net>
References: Your message of "Wed, 09 Apr 2014 23:36:25 BST."
<20140411025412.35F682280F0@palinka.tinho.net>
Message-ID: <98f5135cf9ae4197aa4dade0c0f17465@BLUPR02MB066.namprd02.prod.outlook.com>
Except when your ISP is silently subpoenaed and they satisfy it without notifying you. There's no telling what the ISP has stashed away without your knowledge.
I have had my gmail email subpoenaed, but Google notified me when they received it that they would supply the requested data on a specific date unless I filed in a CA court reasons why they should not do so.
Regards,
Charlie
From kappu at hotmail.com Fri Apr 11 17:56:32 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Fri, 11 Apr 2014 11:56:32 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <98f5135cf9ae4197aa4dade0c0f17465@BLUPR02MB066.namprd02.prod.outlook.com>
References: Your message of "Wed, 09 Apr 2014 23:36:25 BST."
<20140411025412.35F682280F0@palinka.tinho.net>
<98f5135cf9ae4197aa4dade0c0f17465@BLUPR02MB066.namprd02.prod.outlook.com>
Message-ID:
What if you used multiple email addresses between two parties and at random
picked one to communicate?
Sure there will be a copy on the ISPs servers, but it'll be encrypted as
such and the email addresses can be changed on a frequent/infrequent basis.
From ashtongj at comcast.net Fri Apr 11 18:33:32 2014
From: ashtongj at comcast.net (Gerard Ashton)
Date: Fri, 11 Apr 2014 12:33:32 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References: Your message of "Wed, 09 Apr 2014 23:36:25 BST."
<20140411025412.35F682280F0@palinka.tinho.net>
<98f5135cf9ae4197aa4dade0c0f17465@BLUPR02MB066.namprd02.prod.outlook.com>
Message-ID: <000801cf55a3$c7922e30$56b68a90$@comcast.net>
> Sent: Friday, April 11, 2014 11:57 AM
> Subject: RE: It's 2014. Are we there yet?
>
> What if you used multiple email addresses between two parties and at
> random picked one to communicate?
>
> Sure there will be a copy on the ISPs servers, but it'll be encrypted as
> such and the email addresses can be changed on a frequent/infrequent basis.
I don't think the technique is compatible with the subject of the thread:
"It's 2014. Are we there yet?" This implies email encryption that's easy to
install and easy to use routinely, with almost everyone. Multiple email
addresses is a non-starter.
Gerry Ashton
From one.jsim at gmail.com Fri Apr 11 20:16:14 2014
From: one.jsim at gmail.com (One Jsim)
Date: Fri, 11 Apr 2014 19:16:14 +0100
Subject: It's 2014. Are we there yet?
Message-ID:
>
> PRELIMINARIES
>
> In the '90 (I am old!) I was a moderated evangelist of the universal use
> of PGP (and later GPG) and public key infrastructure (web of trust) in
> order to achieve acceptable universal privacy and trust in email
> communication.
>
> At the time I have a good comprehension of the principles involved.
> Although I am physics's PhD, I have also been a computer buff since the
> '70 and almost all my work involve and has always involved a lot of
> mathematics, computers and all sort of information technologies.
>
> At that time most of the people, using email, did that through an email
> client (that was usually also a news - remember usenet - client ) using
> the POP (POP3) and latter IMAP and IMAP4. protocols.
>
> HOWEVER
>
> The idea NEVER took off, despite the internet users, at that time, were
> quite well-informed about the technicalities of the technology they used.
>
> I still maintain a neat pair of public-private keys, with an insanely
> complex password, and keeping the private key itself inside a password
> manager utility (keePass) together with more mundane passwords.
>
> (Once in a while I use my public key to encode sensitive documents, that I
> may or may not, send as email attachments).
>
> FAST FORWARD
>
> Nowadays most people use web-mail (gmail, yahoo, hotmail, outlook.com,
> etc), not pop mail, and understand almost nothing of computer science (rare
> web-mail providers let you use POP/IMAP, most times under conditions).
>
> And in a very next future they will be using iOS, android, ChromeOS (all,
> in any of the available versions) just to mention the more popular ones
> at the moment, that not even use (E)SMTP, I think.
>
>
> Facing those facts I concluded that the idea of private email for the
> masses is not feasible in the near future.
>
> Write a document->encrypt with public key->send as an email attachmente
> (better as compressed RAR) is the only option I found useful yet. To sign
> the document can also be useful.
>
> ANY COMMENT?
>
> Is useless to refer magic software in test that will solve everything, but
> is not going to materialize ever.
>
>
From kappu at hotmail.com Fri Apr 11 20:30:47 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Fri, 11 Apr 2014 14:30:47 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID:
I'll have to disagree. I think there's a growing sense of "uhhh maybe these
email providers are not such a good idea after all".
And something else to note. Every iOS or Android or Windows 8/mobile device
(except ChromeOS based) includes a mail "app/program" which includes POP and
IMAP functionality. And every single "webmail" provider offers alternate
means (like POP/IMAP) to access their webmail.
I seriously doubt dedicated email clients are going away anytime soon. The
protocols may change over time, but there will always be a need for a
dedicated program for email.
From rjh at sixdemonbag.org Fri Apr 11 20:47:03 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 11 Apr 2014 14:47:03 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
Message-ID: <534838A7.9050205@sixdemonbag.org>
> I'll have to disagree. I think there's a growing sense of "uhhh...maybe
> these email providers are not such a good idea after all".
In 2007-8 (the last time I taught undergrad Computer Literacy), over a
third of my students only used email for university business (like
submitting papers to me) and talking to their older relatives. Among
their own age bracket, most communication was done through Facebook.
(Today it's more Instagram and Snapchat and the percentage is
approaching 50%, according to my friends who are still teaching.)
But yes, email really is on the way out as a communications medium. The
younger generation sees it as an antiquated technology. I suspect in
another 20 years it'll be used about as much as Gopher is today.
From kappu at hotmail.com Fri Apr 11 21:08:24 2014
From: kappu at hotmail.com (Kapil Aggarwal)
Date: Fri, 11 Apr 2014 15:08:24 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <534838A7.9050205@sixdemonbag.org>
References:
<534838A7.9050205@sixdemonbag.org>
Message-ID:
Sure. But I think that age group is not the intended target audience for
secure communications.
The target audience that does want to (potentially) use secure
communications has a very large technological barrier to entry. Hence they
don't use it.
From cspitzer at godaddy.com Fri Apr 11 21:14:41 2014
From: cspitzer at godaddy.com (Charles Spitzer)
Date: Fri, 11 Apr 2014 19:14:41 +0000
Subject: It's 2014. Are we there yet?
In-Reply-To: <534838A7.9050205@sixdemonbag.org>
References:
<534838A7.9050205@sixdemonbag.org>
Message-ID:
It's happening even faster. My kids, in their mid to late 30s, don't use email at all. It's all quick, instant gratification type communications, like texts or their internet-type ilk. Almost none of their friends uses email anymore.
Regards,
Charlie
480.505.8800 x4123
From gnupg at lists.grepular.com Fri Apr 11 21:18:29 2014
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Fri, 11 Apr 2014 20:18:29 +0100
Subject: It's 2014. Are we there yet?
In-Reply-To: <534838A7.9050205@sixdemonbag.org>
References:
<534838A7.9050205@sixdemonbag.org>
Message-ID: <20140411191829.GA29577@glue.grepular.com>
* on the Fri, Apr 11, 2014 at 02:47:03PM -0400, Robert J. Hansen wrote:
>> I'll have to disagree. I think there's a growing sense of "uhhh...maybe
>> these email providers are not such a good idea after all".
>
> In 2007-8 (the last time I taught undergrad Computer Literacy), over a
> third of my students only used email for university business (like
> submitting papers to me) and talking to their older relatives. Among
> their own age bracket, most communication was done through Facebook.
> (Today it's more Instagram and Snapchat and the percentage is
> approaching 50%, according to my friends who are still teaching.)
And when those students finish University and get jobs, do they use
Facebook, Instagram and Snapchat at work, or do they use Email at work?
The fact that alternative communication methods exist that are more
suitable for certain types of conversations between certain people,
isn't that interesting. Email does not need to be used for even the
majority of online communication in order for it to be successful.
> But yes, email really is on the way out as a communications medium. The
> younger generation sees it as an antiquated technology. I suspect in
> another 20 years it'll be used about as much as Gopher is today.
I don't find, "kids don't use email for casual conversations" to be a very
convincing argument that email is on its way out. In 20 years, Facebook
will be a footnote on wikipedia, but people will still be using Email,
in some form or other.
There will always be a system for pushing messages around electronically
that isn't tied to a single provider. If email is replaced, it will be
by something similar to email. Not by whichever social network the kids
are currently using.
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
From rjh at sixdemonbag.org Fri Apr 11 21:35:20 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 11 Apr 2014 15:35:20 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: <20140411191829.GA29577@glue.grepular.com>
References:
<534838A7.9050205@sixdemonbag.org> <20140411191829.GA29577@glue.grepular.com>
Message-ID: <534843F8.8040602@sixdemonbag.org>
> And when those students finish University and get jobs, do they use
> Facebook, Instagram and Snapchat at work, or do they use Email at work?
Right now, Microsoft Sharepoint is in use at 80% of Fortune 500 firms.
Normally it's used to set up internal social networking for the company.
Some firms are adopting it halfheartedly, and other firms are seeing it
significantly cut into email usage. The trend is upwards.
Whether I think this is wise makes no difference to whether I see this
happening. I think it's unwise, and I see it happening in droves.
> I don't find, "kids don't use email for casual conversations" to be a very
> convincing argument that email is on its way out.
I find it to be an overwhelming one. The future has spoken, and it
thinks email is for old folks and fuddy-duddies. No technology can be
said to be ascendant, or even keeping its market share, if future
generations are not signing on to use it.
Will email still be around in twenty years? Sure. But we still have
Gopher servers today, too.
From dan at geer.org Fri Apr 11 22:07:32 2014
From: dan at geer.org (dan at geer.org)
Date: Fri, 11 Apr 2014 16:07:32 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To: Your message of "Fri, 11 Apr 2014 15:35:20 EDT."
<534843F8.8040602@sixdemonbag.org>
Message-ID: <20140411200732.CD3F8228116@palinka.tinho.net>
I employ quite a few young people on my farm. Text messages
are almost entirely what they do. Two (that I know of) are
*never* without their phones but at the time *never* use them
for voice comms. The only way to reach them is text. One of
those claims that he has never answered a call on a mobile phone.
Small sample,...
--dan
From rjh at sixdemonbag.org Fri Apr 11 22:08:36 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 11 Apr 2014 16:08:36 -0400
Subject: It's 2014. Are we there yet?
In-Reply-To:
References:
<534838A7.9050205@sixdemonbag.org>
Message-ID: <53484BC4.70901@sixdemonbag.org>
> Sure. But I think that age group is not the intended target audience
> for secure communications.
You might want to think long and hard about that.
College campuses are filled with politically active young people who
have just received the right to vote and are consumed with passionate
intensity about their rights -- including their right to privacy.
They're young, politically active, mostly left-wing, and more
technologically adept than their parents. They also shape future trends
and future political debates.
If they're not your target audience, then you're doing it wrong.
From kloecker at kde.org Fri Apr 11 22:59:21 2014
From: kloecker at kde.org (Ingo =?ISO-8859-1?Q?Kl=F6cker?=)
Date: Fri, 11 Apr 2014 22:59:21 +0200
Subject: GPG and BCC
In-Reply-To: <5346C0C5.8050704@josuttis.de>
References: <5346C0C5.8050704@josuttis.de>
Message-ID: <1430606.o2gaqJObOZ@thufir.ingo-kloecker.de>
On Thursday 10 April 2014 18:03:17 Nicolai Josuttis wrote:
> Can anybody answer/explain whether there is or might be a problem or
> risk if using encryption combined with bcc addresses with GPG?
> And if so, what should I do/avoid to run into this problem?
> I am especially interested in an answer which helps me to understand
> WHY there is or might be a/no problem.
> In fact:
> - Does GPG reveal the number of BCC recipients?
> - Does GPG reveal BCC identities (partially)?
Those questions have already been answered by the others.
> If the answer depends on the browser or other components, please tell
> me.
>
> The reason I ask is because for a UI to be programmed on top of GPG
> I want to understand which warnings I should raise or
> what I should deny
> when users try to send encrypted emails also to bcc receivers.
Apart from using the '--throw-keyids' option you could send multiple
copies of the message. One copy for the public recipients which is
encrypted with the keys of all public recipients (To, Cc). And n copies
for the n Bcc recipients where each copy is encrypted with the key of
one Bcc recipient. That's what KMail does.
Regards,
Ingo
From nico at josuttis.de Sat Apr 12 11:00:16 2014
From: nico at josuttis.de (Nicolai Josuttis)
Date: Sat, 12 Apr 2014 11:00:16 +0200
Subject: PGP and GPG and bcc
Message-ID: <534900A0.20002@josuttis.de>
Thanks a lot for all answers regarding my question regarding GPG and bcc.
Allow me to summarize what I learned for both:
- double checking that I understood everything correctly
- documenting this for others
(I found no place where it is explained;
therefore also the change in the subject)
In general,
if sending emails encrypted (or in general sending cipher-text)
then the usual approach is that this text contains the identity
of those who should receive the message.
This is to help find the place where the key for that identity is
stored (note that there might be multiple receivers).
That means:
- In general, adding the "usual key" for a bcc receiver
would reveal the identity of this receiver.
Thus, a bcc receiver becomes more or less a cc receiver.
Or:
===
In general, the concept of BCC is BROKEN
when sending encrypted emails
with keys for the bcc recipients.
To deal with that, mailers have multiple options
when users try to send encrypted emails to bcc recipients:
- Don't allow that (or only with strong request for confirmation).
- Don't add keys for bcc recipients at all.
This probably only makes sense if bcc recipients can use
one of the other keys in the message.
- Don't add the identities for the keys of bcc recipients
- with GPG you can e.g. use --hidden-recipient instead of --recipient
(see also --throw-keyids)
Then, however, recipients might have to try their key
against any of the passed keys without identity
(slows down decryption with multiple bcc recipients).
- Split the email, sending it to each bcc recipient separately.
Note that mailers should take this into account not only for
sending bcc to others but also for the common case
where senders (always) bcc themselves
(using a different, maybe secret, email address).
--
Nico
From gnupg at lists.grepular.com Sat Apr 12 13:15:43 2014
From: gnupg at lists.grepular.com (Mike Cardwell)
Date: Sat, 12 Apr 2014 12:15:43 +0100
Subject: It's 2014. Are we there yet?
In-Reply-To: <534843F8.8040602@sixdemonbag.org>
References:
<534838A7.9050205@sixdemonbag.org>
<20140411191829.GA29577@glue.grepular.com>
<534843F8.8040602@sixdemonbag.org>
Message-ID: <20140412111543.GA24332@glue.grepular.com>
* on the Fri, Apr 11, 2014 at 03:35:20PM -0400, Robert J. Hansen wrote:
>> And when those students finish University and get jobs, do they use
>> Facebook, Instagram and Snapchat at work, or do they use Email at work?
>
> Right now, Microsoft Sharepoint is in use at 80% of Fortune 500 firms.
> Normally it's used to set up internal social networking for the company.
> Some firms are adopting it halfheartedly, and other firms are seeing it
> significantly cut into email usage. The trend is upwards.
I'm pretty confident that for every firm using sharepoint as their primary
means of communication, there are hundreds if not thousands using email
instead. And each of those Fortune 500 firms is almost certainly also
using email. Email isn't just a communication mechanism, it's also the
basis of your online identity.
> Whether I think this is wise makes no difference to whether I see this
> happening. I think it's unwise, and I see it happening in droves.
That's not what I'm seeing at all. I see people using instant chat protocols
for instant chat, and I see people using Email when it is appropriate for
them to use Email.
>> I don't find, "kids don't use email for casual conversations" to be a very
>> convincing argument that email is on its way out.
>
> I find it to be an overwhelming one. The future has spoken, and it
> thinks email is for old folks and fuddy-duddies. No technology can be
> said to be ascendant, or even keeping its market share, if future
> generations are not signing on to use it.
The future has spoken. Kids know about email. They know what it's for.
They use it when it's appropriate to use it. They use it more the older
they get. The world is only becoming more and more reliant on it as time
goes on. I am 100% confident that the future very firmly has Email, or
something very similar in it.
> Will email still be around in twenty years? Sure. But we still have
> Gopher servers today, too.
Gopher was replaced by a similar but better protocol (HTTP). I would be
happy to see Email replaced by a similar but better protocol. It will
probably still be called Email though. I think it's more likely that
various Email protocols will be extended and refined rather than an
outright replacement though.
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
From wk at gnupg.org Sun Apr 13 11:03:11 2014
From: wk at gnupg.org (Werner Koch)
Date: Sun, 13 Apr 2014 11:03:11 +0200
Subject: GPG and BCC
In-Reply-To: <1430606.o2gaqJObOZ@thufir.ingo-kloecker.de> ("Ingo
=?utf-8?Q?Kl=C3=B6cker=22's?=
message of "Fri, 11 Apr 2014 22:59:21 +0200")
References: <5346C0C5.8050704@josuttis.de>
<1430606.o2gaqJObOZ@thufir.ingo-kloecker.de>
Message-ID: <87zjjp8uuo.fsf@vigenere.g10code.de>
On Fri, 11 Apr 2014 22:59, kloecker at kde.org said:
> encrypted with the keys of all public recipients (To, Cc). And n copies
> for the n Bcc recipients where each copy is encrypted with the key of
> one Bcc recipient. That's what KMail does.
And that is the Right Thing to do. --throw-keyids or -R only remove the
keyid but still encrypt to the BCC recipient. The extra encryption
packet would be a good indication for the use of BCC with a broken
mailer.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
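The three posts above (Ingo's per-recipient copies, Nico's summary of --hidden-recipient / --throw-keyids, and Werner's remark that a hidden recipient still leaves an extra encryption packet behind) all come down to what the public-key encrypted session key packets of a message reveal. The following is an added example, not code from the thread or from GnuPG: a small parser for the OpenPGP packet framing of RFC 4880 that lists the PKESK packets (tag 1) of a message, reporting each visible key ID and counting the hidden ones (key ID all zeros). The sample messages are constructed inline with meaningless session-key bodies and made-up key IDs; only the framing is real.

```python
"""List the recipient (PKESK) packets of an OpenPGP message.

Added example for the BCC discussion, not part of the thread or of
GnuPG.  A message carries one public-key encrypted session key
packet (RFC 4880 section 5.1, tag 1) per recipient key.  Its 8-byte
key ID names the recipient; gpg --hidden-recipient / --throw-keyids
replace it with zeros, but the packet itself (and so the recipient
count) stays visible.
"""


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP stream.

    Handles old- and new-format headers (RFC 4880 section 4.2);
    partial-body and indeterminate lengths are not needed for PKESK.
    """
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        i += 1
        if ctb & 0x40:                       # new-format header
            tag = ctb & 0x3F
            first = data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            width = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + width], "big")
            i += width
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        yield tag, body
        i += length


def recipients(data: bytes):
    """Describe every PKESK packet: key ID, algorithm, hidden flag."""
    out = []
    for tag, body in iter_packets(data):
        if tag != 1:
            continue                         # SEIPD, literal, etc.
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        keyid = body[1:9]
        out.append({"keyid": keyid.hex().upper(),
                    "algo": body[9],
                    "hidden": keyid == bytes(8)})
    return out


def describe(data: bytes):
    """Summary of what an observer learns without any private key."""
    rs = recipients(data)
    return {"count": len(rs),
            "visible": [r["keyid"] for r in rs if not r["hidden"]],
            "hidden": sum(r["hidden"] for r in rs)}


def make_pkesk(keyid: bytes, algo: int = 1, old_format: bool = False):
    """Constructed PKESK packet; the encrypted session key MPI is a dummy."""
    body = b"\x03" + keyid + bytes([algo]) + b"\x00\x10\xab\xcd"
    if old_format:                           # tag 1, two-byte length
        return b"\x85" + len(body).to_bytes(2, "big") + body
    return bytes([0xC0 | 1, len(body)]) + body


# Constructed samples: a dummy SEIPD packet (tag 18) follows the PKESKs.
_SEIPD = bytes([0xC0 | 18, 21]) + b"\x01" + b"\x00" * 20
KEY_TO = bytes.fromhex("1111111111111111")   # made-up key IDs
KEY_CC = bytes.fromhex("2222222222222222")
SAMPLE_TO_CC = make_pkesk(KEY_TO) + make_pkesk(KEY_CC, old_format=True) + _SEIPD
SAMPLE_WITH_HIDDEN_BCC = (make_pkesk(KEY_TO) + make_pkesk(KEY_CC)
                          + make_pkesk(bytes(8)) + _SEIPD)

if __name__ == "__main__":
    print("To/Cc only:      ", describe(SAMPLE_TO_CC))
    print("plus hidden Bcc: ", describe(SAMPLE_WITH_HIDDEN_BCC))
```

The same check on a real message is `gpg --list-packets msg.gpg`, which prints one "pubkey enc packet" line per recipient with `keyid 0000000000000000` for a hidden one; the extra line is exactly the BCC indication Werner describes, and the only way to avoid it is Ingo's approach of a separate copy per BCC recipient.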
From rdohm321 at gmail.com Sun Apr 13 22:38:48 2014
From: rdohm321 at gmail.com (Randolph)
Date: Sun, 13 Apr 2014 22:38:48 +0200
Subject: ElGamal without padding - why?
Message-ID:
Hi, why has ElGamal no padding in gcrypt?
From wk at gnupg.org Mon Apr 14 09:51:13 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Apr 2014 09:51:13 +0200
Subject: ElGamal without padding - why?
In-Reply-To:
(Randolph's message of "Sun, 13 Apr 2014 22:38:48 +0200")
References:
Message-ID: <87zjjo73im.fsf@vigenere.g10code.de>
On Sun, 13 Apr 2014 22:38, rdohm321 at gmail.com said:
> Hi, why has ElGamal no padding in gcrypt?
Please be more verbose. See RFC-4880 on how Elgamal is used in OpenPGP.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From cwal989 at comcast.net Mon Apr 14 17:56:49 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 11:56:49 -0400
Subject: Am I being blocked from posting on this list?
Message-ID: <534C0541.4020703@comcast.net>
I tried to post a message on that certain bug to this list yesterday, and it
has never shown up. I had two sources that suggested that said bug is far more
severe than most people think. So this message is a test.
From cwal989 at comcast.net Mon Apr 14 18:00:19 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 12:00:19 -0400
Subject: Am I being blocked from posting on this list?
In-Reply-To: <534C0541.4020703@comcast.net>
References: <534C0541.4020703@comcast.net>
Message-ID: <534C0613.6020703@comcast.net>
On 4/14/2014 11:56 AM, Christopher J. Walters wrote:
> I tried to post a message on that certain bug to this list yesterday, and it
> has never shown up. I had two sources that suggested that said bug is far more
> severe than most people think. So this message is a test.
So, is there a keyword block on the name of that bug? This message posted, but
the other one (I tried posting it twice - once yesterday, and once today),
never showed up.
From cwal989 at comcast.net Mon Apr 14 20:24:20 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 14:24:20 -0400
Subject: The bug... More info.
Message-ID: <534C27D4.6030300@comcast.net>
The discussion on the Heartbleed bug has apparently stopped here, and just about
everywhere else, but I found (courtesy of another mailing list) some more
reports on it that you may not have seen. These reports suggest that the NSA
knew about and exploited the bug for "at least" two years, and may have even
worked to stop it from being reported and fixed.
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Shorter link to the above article:
http://tinyurl.com/mq8owa2
Also,
http://www.sfgate.com/opinion/editorials/article/Encryption-security-compromised-in-a-heartbeat-5396510.php
Shorter link to the above article:
http://tinyurl.com/kmmqkfv
The NSA, of course, denies any knowledge or exploitation of the bug, but you
can read the article and make your own decisions on that.
Chris
From dougb at dougbarton.us Mon Apr 14 20:35:02 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 14 Apr 2014 11:35:02 -0700
Subject: The bug... More info.
In-Reply-To: <534C27D4.6030300@comcast.net>
References: <534C27D4.6030300@comcast.net>
Message-ID: <534C2A56.8040804@dougbarton.us>
Aside from the obvious fact that this is off-topic for this list, as has
been pointed out several times already, wouldn't the existence of a
subject line block give you a pretty good hint about the list owner's
intentions?
Doug
From cwal989 at comcast.net Mon Apr 14 20:42:21 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 14:42:21 -0400
Subject: The bug... More info.
In-Reply-To: <534C2A56.8040804@dougbarton.us>
References: <534C27D4.6030300@comcast.net> <534C2A56.8040804@dougbarton.us>
Message-ID: <534C2C0D.3040607@comcast.net>
On 4/14/2014 2:35 PM, Doug Barton wrote:
> Aside from the obvious fact that this is off-topic for this list, as has been
> pointed out several times already, wouldn't the existence of a subject line
> block give you a pretty good hint about the list owner's intentions?
>
> Doug
Are you the list owner? Did you put a "subject line block" on this list? If
so, you should have said so; if not, then the list owner should have said so.
I do NOT believe that this is off topic for this list. If the list owner
believes that it is, and put such a block in place, it was the list owner's
responsibility to tell everyone on the list not to post about it anymore on THIS list.
And finally, no. My messages not showing up on this list did not give me any
clue as to the list owners' intentions, as it could've been a problem with the
email getting to the list.
From rjh at sixdemonbag.org Mon Apr 14 20:43:45 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Apr 2014 11:43:45 -0700
Subject: Am I being blocked from posting on this list?
In-Reply-To: <534C0541.4020703@comcast.net>
References: <534C0541.4020703@comcast.net>
Message-ID: <20140414114345.Horde.hc1qOjJmwGEZlNyYU7WCRw1@mail.sixdemonbag.org>
> I tried to post a message on that certain bug to this list
> yesterday, and it has never shown up. I had two sources that
> suggested that said bug is far more severe than most people think.
> So this message is a test.
Heartbleed! Heartbleed! Heartbleed!
Nope, no Great Old Ones have risen from the depths and begun to expose
humanity to unimaginable horrors. Maybe if I try again with the word
"Hastur"... [*]
Heartbleed was bad, yes. However, it's hard for me to believe it's
"far more severe than most people think." Being able to read 64k
chunks out of server memory at-will and on-demand by exploiting
commonly-used software is already a Chernobyl-level disaster. Really,
how's it going to get worse?
If it starts replacing my Glenmorangie Quinta Ruban with Black Velvet,
okay, then it'll be time to scream, wail and grieve. But until then,
let's keep our heads, let's face the future with a smile, let's not
panic, and let's not think the GnuPG list is censoring anything that
contains the word 'Heartbleed'.
Now, if you'll forgive me, there's a Great Old One I've been trying to awaken.
Hastur! Hastur! Hast--*urgkl* *thud*
[*] if this makes no sense to you, go read some H.P. Lovecraft's _The
Whisperer in Darkness_. :)
From cwal989 at comcast.net Mon Apr 14 20:56:52 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 14:56:52 -0400
Subject: Am I being blocked from posting on this list?
In-Reply-To: <20140414114345.Horde.hc1qOjJmwGEZlNyYU7WCRw1@mail.sixdemonbag.org>
References: <534C0541.4020703@comcast.net>
<20140414114345.Horde.hc1qOjJmwGEZlNyYU7WCRw1@mail.sixdemonbag.org>
Message-ID: <534C2F74.3030507@comcast.net>
On 4/14/2014 2:43 PM, Robert J. Hansen wrote:
.snip.
> Heartbleed! Heartbleed! Heartbleed!
>
> Nope, no Great Old Ones have risen from the depths and begun to expose humanity
> to unimaginable horrors. Maybe if I try again with the word "Hastur"... [*]
>
> Heartbleed was bad, yes. However, it's hard for me to believe it's "far more
> severe than most people think." Being able to read 64k chunks out of server
> memory at-will and on-demand by exploiting commonly-used software is already a
> Chernobyl-level disaster. Really, how's it going to get worse?
.snip.
> heads, let's face the future with a smile, let's not panic, and let's not think
> the GnuPG list is censoring anything that contains the word 'Heartbleed'.
It is not just this list. That message has not shown up on other lists I have
posted it to.
> Now, if you'll forgive me, there's a Great Old One I've been trying to awaken.
>
> Hastur! Hastur! Hast--*urgkl* *thud*
>
.snip.
>
> [*] if this makes no sense to you, go read some H.P. Lovecraft's _The Whisperer
> in Darkness_. :)
Well, you can read the links and decide for yourself if they have any value.
As the Great One, Doug Barton stated (paraphrasing), this topic is totally
off-topic for this list, and I have violated the owners' wishes by posting on
it, and, of course I should have known this, and not even tried to post on this
topic on this list.
From wk at gnupg.org Mon Apr 14 21:15:09 2014
From: wk at gnupg.org (Werner Koch)
Date: Mon, 14 Apr 2014 21:15:09 +0200
Subject: The bug... More info.
In-Reply-To: <534C2C0D.3040607@comcast.net> (Christopher J. Walters's message
of "Mon, 14 Apr 2014 14:42:21 -0400")
References: <534C27D4.6030300@comcast.net> <534C2A56.8040804@dougbarton.us>
<534C2C0D.3040607@comcast.net>
Message-ID: <87vbub67uq.fsf@vigenere.g10code.de>
On Mon, 14 Apr 2014 20:42, cwal989 at comcast.net said:
> Are you the list owner? Did you put a "subject line block" on this
> list? If so, you should have said so, if not, then the list owner
There are only a few anti-spam measures on all gnupg.org lists and they
have been there for years. The specific procmail filtering is:
:0
* ^Subject:.*=\?ks_c_5601-1987\?
/dev/null
:0
* ^Subject:.*=\?GB2312\?
/dev/null
:0:
* ^Subject: Delivery Status Notification
/dev/null
:0:
* ^From:.*lottery.*
spam
:0
* ^Content-Type:.*multipart/mixed
{
:0 B
* ^Content-Type:.*text/plain;.*Windows-1252
* ^Content-Type:.*application/octet-stream
/dev/null
}
# We don't accept ZIP or EXE file attachments.
:0 BH
* ? scrutmime --match-zip --match-exe --quiet
/dev/null
:0:
* ^Subject:[ ]=\?Windows-1251\?B\?
/dev/null
:0fw: spamassassin.lock
| /usr/bin/spamassassin
:0:
* ^X-Spam-Flag: yes
/dev/null
and there is also greylisting and an RBL at the receiving MX.
And my private filtering drops everything which has HTML inside, so I do
not see all posted mails.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
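The procmail recipes Werner posted are plain header and body regexes, which is why the question in this thread (is the word "Heartbleed" in a subject line blocked?) can be settled by reading them. As an added example, not from the thread and not the list's actual configuration, the following Python applies the same patterns to constructed messages and reports which rule, if any, a message would trip. The two recipes that call external programs are only approximated: the spamassassin step is modelled by an already present X-Spam-Flag header, and the scrutmime ZIP/EXE check is left out. Sample messages use example.invalid addresses and are constructed.

```python
"""Replay the posted anti-spam procmail rules against a message, offline.

Added example, not the gnupg.org configuration itself.  procmail
matches its regexes case-insensitively, and '^' anchors at the start
of any header line (or body line for ':0 B' recipes), so the Python
equivalents use IGNORECASE | MULTILINE.
"""
import re

FLAGS = re.IGNORECASE | re.MULTILINE


def _rx(pattern):
    return re.compile(pattern, FLAGS)


# (rule name, action, header regexes, body regexes); every regex of a
# rule must match, in the order the posted procmailrc applies them.
RULES = [
    ("ks_c_5601_subject", "drop", [_rx(r"^Subject:.*=\?ks_c_5601-1987\?")], []),
    ("gb2312_subject", "drop", [_rx(r"^Subject:.*=\?GB2312\?")], []),
    ("dsn_subject", "drop", [_rx(r"^Subject: Delivery Status Notification")], []),
    ("lottery_from", "spam", [_rx(r"^From:.*lottery.*")], []),
    # outer recipe on the header, nested ':0 B' recipe on the body
    ("mixed_cp1252_octet", "drop",
     [_rx(r"^Content-Type:.*multipart/mixed")],
     [_rx(r"^Content-Type:.*text/plain;.*Windows-1252"),
      _rx(r"^Content-Type:.*application/octet-stream")]),
    # ':0 BH  * ? scrutmime --match-zip --match-exe' is not reproduced.
    ("cp1251_b64_subject", "drop", [_rx(r"^Subject:[ ]=\?Windows-1251\?B\?")], []),
    # spamassassin itself is not run; its verdict header is checked instead.
    ("spamassassin_flag", "drop", [_rx(r"^X-Spam-Flag: yes")], []),
]


def split_message(raw: str):
    """Header block and body, separated by the first blank line."""
    head, _, body = raw.partition("\n\n")
    return head, body


def classify(raw: str):
    """Return (action, rule); action is 'deliver', 'drop' or 'spam'."""
    head, body = split_message(raw)
    for name, action, head_rx, body_rx in RULES:
        if all(r.search(head) for r in head_rx) and \
           all(r.search(body) for r in body_rx):
            return action, name
    return "deliver", None


# Constructed messages (not real list traffic).
HEARTBLEED_MSG = (
    "From: chris@example.invalid\n"
    "To: gnupg-users@gnupg.org\n"
    "Subject: Heartbleed - more info\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Some links about Heartbleed.\n"
)
GB2312_MSG = (
    "From: someone@example.invalid\n"
    "Subject: =?GB2312?B?AAAA?=\n"
    "\n"
    "body\n"
)
LOTTERY_MSG = (
    "From: International Lottery <win@example.invalid>\n"
    "Subject: You won\n"
    "\n"
    "claim now\n"
)
MIXED_MSG = (
    "From: x@example.invalid\n"
    "Subject: invoice\n"
    "Content-Type: multipart/mixed; boundary=\"b\"\n"
    "\n"
    "--b\n"
    "Content-Type: text/plain; charset=Windows-1252\n"
    "\n"
    "see attachment\n"
    "--b\n"
    "Content-Type: application/octet-stream; name=\"invoice.bin\"\n"
    "\n"
    "...\n"
    "--b--\n"
)

if __name__ == "__main__":
    for label, msg in [("heartbleed", HEARTBLEED_MSG), ("gb2312", GB2312_MSG),
                       ("lottery", LOTTERY_MSG), ("mixed", MIXED_MSG)]:
        print(label, classify(msg))
```

None of the rules look at the words of a subject line; they key on message encodings, bounce notices, attachment types and an external spam score, so a plain-text post with "Heartbleed" in the subject is delivered, while the encoded-subject and multipart/mixed samples are dropped.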
From rjh at sixdemonbag.org Mon Apr 14 21:27:13 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Apr 2014 12:27:13 -0700
Subject: The bug... More info.
In-Reply-To: <534C27D4.6030300@comcast.net>
References: <534C27D4.6030300@comcast.net>
Message-ID: <20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
> list), some more reports on it, that you may have not seen. These
> reports suggest that the NSA knew about and exploited the bug for "at
> least" two years, and may have even worked to stop it from being
> reported and fixed.
Given the bug was introduced in March of 2012, that would mean the bug
would have had to be discovered, an exploit tested, a product
weaponized, a product distributed to end-users, and deployed by
end-users against targets, all in under a month from the moment the
bug was introduced. I'm not saying it can't happen, but a healthy
distrust would seem appropriate here. Further, the use of "at least"
two years is meant to imply it could have been substantially longer --
but it could not have been more than two years and a month. Between
that and the journo's mishandling of anonymous sources, I am not
confident the Bloomberg journo did his homework.
With respect to anonymous sources, the standard is generally --
1. You give their background, broadly speaking
2. You say something about where they got the information
3. You specify they asked for anonymity -- it wasn't your idea
4. You explain why you're granting anonymity
If you can't meet those four requirements, you don't use the source.
If you can't give the public information about their background and
the source of their information, then you can't give the public enough
information to decide whether your source is credible. And if you
can't give the public enough information to decide whether your source
is credible, why should the public believe you?
(ObDisclosure: I used to work as a tech journo. My four-point outline
there was the standard we used, and my editor was fastidious about
enforcement -- whether it was as small as "one space after a colon and
the word is capitalized" or "four-point process for anonymous
sources," Terry was on top of things. I never used an anonymous
source.)
From rjh at sixdemonbag.org Mon Apr 14 21:42:58 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Apr 2014 12:42:58 -0700
Subject: Am I being blocked from posting on this list?
In-Reply-To: <534C2F74.3030507@comcast.net>
References: <534C0541.4020703@comcast.net>
<20140414114345.Horde.hc1qOjJmwGEZlNyYU7WCRw1@mail.sixdemonbag.org>
<534C2F74.3030507@comcast.net>
Message-ID: <20140414124258.Horde.pEKghLtNDVznUzUsFce7kQ2@mail.sixdemonbag.org>
> As the Great One, Doug Barton stated (paraphrasing), this topic is
> totally off-topic for this list, and I have violated the owners'
> wishes by posting on it, and, of course I should have known this,
> and not even tried to post on this topic on this list.
There have been several posts on this list saying, "you know, you will
probably get better discussion and better answers on an OpenSSL
mailing list." I understand you believe the Heartbleed bug needs more
visibility. I respectfully suggest that pretty much everyone on this
list knows about Heartbleed, and talking about it here will not
increase the visibility of this issue one bit.
> It is not just this list. That message has not shown up on other
> lists I have posted it to.
I mean this with sincerity, caution, and respect.
Go watch the cherry blossoms.
In the current climate it's easy to think there's shadowy, nefarious
things going on in the darkness. There's terrorism all over the
Middle East, there's a 777 that's gone completely missing in the South
Pacific, civilians getting nerve-gassed in Syria, Russians in the
Crimea and possibly agitating Eastern Ukraine, the Snowden
revelations, the Manning revelations, the controversy over domestic
and international surveillance, will the Iranians get the bomb, is
Pakistan an ally or an enemy, the Baltic States worried about an
invasion from the east, North Korean missile and nuclear tests... the
list goes on and on and on.
It's easy to think that life has turned into a remake of _Three Days
of the Condor_. It is. I've been there and I've had those thoughts.
But it's not about you, man. Any more than it's about me. And your
messages are not getting censored because they reference the
Heartbleed bug.
If you're in the Northern Hemisphere, then you're in the middle of
spring. Around here in northern Virginia it's absolutely beautiful.
The cherry blossoms have come to Washington. Life is beautiful. Go
out and enjoy it for a while, and enjoy the fact that as bad as the
international news is nowadays ... it's not about you.
And that's good advice for the rest of us, too. If you ever get
overwhelmed by all the bad news, go watch the cherry blossoms for a
while.
It's cheaper than therapy, and in my personal experience it's far more
effective. :)
From cwal989 at comcast.net Mon Apr 14 21:42:54 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 15:42:54 -0400
Subject: The bug... More info.
In-Reply-To: <20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
References: <534C27D4.6030300@comcast.net>
<20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
Message-ID: <534C3A3E.1010603@comcast.net>
On 4/14/2014 3:27 PM, Robert J. Hansen wrote:
> Given the bug was introduced in March of 2012, that would mean the bug would
> have had to be discovered, an exploit tested, a product weaponized, a product
> distributed to end-users, and deployed by end-users against targets, all in
> under a month from the moment the bug was introduced. I'm not saying it can't
> happen, but a healthy distrust would seem appropriate here. Further, the use
> of "at least" two years is meant to imply it could have been substantially
> longer -- but it could not have been more than two years and a month. Between
> that and the journo's mishandling of anonymous sources, I am not confident the
> Bloomberg journo did his homework.
>
> With respect to anonymous sources, the standard is generally --
>
> 1. You give their background, broadly speaking
> 2. You say something about where they got the information
> 3. You specify they asked for anonymity -- it wasn't your idea
> 4. You explain why you're granting anonymity
>
> If you can't meet those four requirements, you don't use the source. If you
> can't give the public information about their background and the source of
> their information, then you can't give the public enough information to decide
> whether your source is credible. And if you can't give the public enough
> information to decide whether your source is credible, why should the public
> believe you?
>
> (ObDisclosure: I used to work as a tech journo. My four-point outline there
> was the standard we used, and my editor was fastidious about enforcement --
> whether it was as small as "one space after a colon and the word is
> capitalized" or "four-point process for anonymous sources," Terry was on top of
> things. I never used an anonymous source.)
I tend to agree, actually. As to Snowden, how exactly could a private
contractor have that level of security clearance, anyway? I said that the
report "suggests" NSA involvement - not that I agree. The anonymous sources
are a major problem for believability. The NSA has gotten a lot of bad press
lately, and it looks to me like Bloomberg (not the best source of information,
in general, IMHO) has jumped on the bandwagon.
Since I have NO security clearance with the NSA, I cannot comment on any
involvement, and I doubt anyone on this list, or the 'sources' have such
clearance to comment on it, either. So, I retain my disbelief.
Note: I only wanted to post those articles for people to be able to read and
make up their own minds. I will post no more here on this bug.
From dougb at dougbarton.us Mon Apr 14 21:57:45 2014
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 14 Apr 2014 12:57:45 -0700
Subject: The bug... More info.
In-Reply-To: <534C2C0D.3040607@comcast.net>
References: <534C27D4.6030300@comcast.net> <534C2A56.8040804@dougbarton.us>
<534C2C0D.3040607@comcast.net>
Message-ID: <534C3DB9.6020106@dougbarton.us>
On 04/14/2014 11:42 AM, Christopher J. Walters wrote:
> I do NOT believe that this is off topic for this list
Then can we get a ruling from the list owners/moderators please?
From peter at digitalbrains.com Mon Apr 14 22:36:53 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 14 Apr 2014 22:36:53 +0200
Subject: The bug... More info.
In-Reply-To: <20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
References: <534C27D4.6030300@comcast.net>
<20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
Message-ID: <534C46E5.7070309@digitalbrains.com>
On 14/04/14 21:27, Robert J. Hansen wrote:
> Given the bug was introduced in March of 2012, that would mean the bug would
> have had to been discovered, an exploit tested, a product weaponized
In /this specific instance/, I believe these three can indeed be the product of,
well, mere hours.
I don't think it's unreasonable to suppose it might very well be :) the NSA is
reading through all patches that go into the OpenSSL stable tree; it's not that
much work for a big organisation and you might catch some low-hanging fruit.
This specific patch was extremely low-hanging! We take an unchecked 16-bit
length from a packet we receive from the internet, and use that to copy a block
of newly-allocated data to the return packet! Holy crap. The OpenSSL developer
that accepted this patch (that was submitted by an outsider) was not having a
good day, and I think he would never write this code. For a programmer that has
been working on a security project for quite a while, I believe it becomes just
a reflex while writing such code: you take a length argument from user-supplied
data, you do sanity checks on it.
Similarly, I think people at the NSA, trained at reading code for possible
exploits, might have actually squirted coffee when they read through this patch.
And it's really easily exploited, so yes, I think you can weaponize in a mere
afternoon.
> a product distributed to end-users, and deployed by end-users against
> targets
I'm not going to assess these few points though, they are less obvious. However,
I think you don't need much distribution. You can just send the heartbeats
yourself, and read other people's data from the process's memory. Sifting
through that memory for interesting stuff is more complicated, but doesn't need
to be done on the spot.
> Further, the use of "at least" two years is meant to imply it could have
> been substantially longer -- but it could not have been more than two years
> and a month.
That indeed is pure sensationalism.
The news report might have been completely made up. However, I think it might
still be true, given how big a target OpenSSL is, and how easy to spot the bug
was. Too bad none of the good guys actually spotted it. Such is life,
unfortunately. People make mistakes. Sometimes pretty big, dumb mistakes. Even
the smartest people.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
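The defect Peter is describing (a length field taken from the peer's packet and used, unchecked, as the copy length), alongside the sanity check he says should be a reflex, as an added example in C. It is not OpenSSL's code and not from the thread: the record layout, the HB_* names and the two sample records are constructed for illustration, and the unchecked variant only reports how far past the received buffer the copy would reach instead of performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (not OpenSSL's): 1 byte type, 2 byte
 * big-endian payload length, payload, then at least 16 bytes padding. */
enum { HB_HDR_LEN = 3, HB_MIN_PADDING = 16, HB_REQUEST = 1, HB_RESPONSE = 2 };

static size_t read_u16_be(const uint8_t *p)
{
    return ((size_t)p[0] << 8) | p[1];
}

/* The unchecked pattern: the peer's length field is trusted as-is.
 * Rather than doing the copy (which would read beyond the buffer),
 * return how many bytes past the received record it would read. */
size_t unchecked_overread(const uint8_t *rec, size_t rec_len)
{
    size_t claimed = rec_len >= HB_HDR_LEN ? read_u16_be(rec + 1) : 0;
    size_t available = rec_len >= HB_HDR_LEN ? rec_len - HB_HDR_LEN : 0;
    return claimed > available ? claimed - available : 0;
}

/* Hardened form: the claimed payload (plus minimum padding) must fit
 * inside what was actually received, or the record is dropped.
 * Returns the reply length, or -1 when the record is rejected. */
int checked_reply(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PADDING)
        return -1;                          /* too short for header + padding */
    if (rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = read_u16_be(rec + 1);
    if (HB_HDR_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;                          /* the missing sanity check */
    if (HB_HDR_LEN + claimed > out_cap)
        return -1;                          /* reply must fit the output buffer */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xFF);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, claimed);
    return (int)(HB_HDR_LEN + claimed);
}

/* Constructed samples: 3-byte header, 5-byte payload "hello", 16 bytes padding. */
const uint8_t GOOD_RECORD[24] = {
    HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Same bytes, but the length field claims 65535 bytes of payload. */
const uint8_t BAD_RECORD[24] = {
    HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Convenience wrapper so the outcome can be checked without managing buffers. */
int reply_len_for(const uint8_t *rec, size_t rec_len)
{
    uint8_t out[64];
    return checked_reply(rec, rec_len, out, sizeof out);
}

int main(void)
{
    printf("good record: reply length %d, unchecked over-read %zu bytes\n",
           reply_len_for(GOOD_RECORD, sizeof GOOD_RECORD),
           unchecked_overread(GOOD_RECORD, sizeof GOOD_RECORD));
    printf("bad record:  reply length %d, unchecked over-read %zu bytes\n",
           reply_len_for(BAD_RECORD, sizeof BAD_RECORD),
           unchecked_overread(BAD_RECORD, sizeof BAD_RECORD));
    return 0;
}
```

The good record yields an 8-byte reply; the bad one is rejected by the hardened path, while the unchecked arithmetic shows the copy would have reached 65514 bytes beyond the 24 bytes that were actually received.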
From rjh at sixdemonbag.org Mon Apr 14 22:47:46 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Apr 2014 13:47:46 -0700
Subject: The bug... More info.
In-Reply-To: <534C3A3E.1010603@comcast.net>
References: <534C27D4.6030300@comcast.net>
<20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
<534C3A3E.1010603@comcast.net>
Message-ID: <20140414134746.Horde._l0pc9d43-CUjVXGHrZtjg1@mail.sixdemonbag.org>
> how exactly could a private contractor have that level
> of security clearance, anyway?
The government had a seat that needed filling, they couldn't get the
seat filled at the paycheck they're legally allowed to offer to a
direct employee, so they hired a private contractor to fill the role.
Pretty simple, really.
The government pay rate for someone with a Master's degree and ten
years of experience hovers around $60,000 per year, incidentally.
It's shockingly low by the standards of the tech sector.
From cwal989 at comcast.net Mon Apr 14 22:49:51 2014
From: cwal989 at comcast.net (Christopher J. Walters)
Date: Mon, 14 Apr 2014 16:49:51 -0400
Subject: The bug... More info. / OFF TOPIC
In-Reply-To: <534C3DB9.6020106@dougbarton.us>
References: <534C27D4.6030300@comcast.net> <534C2A56.8040804@dougbarton.us>
<534C2C0D.3040607@comcast.net> <534C3DB9.6020106@dougbarton.us>
Message-ID: <534C49EF.8010809@comcast.net>
On 4/14/2014 3:57 PM, Doug Barton wrote:
> On 04/14/2014 11:42 AM, Christopher J. Walters wrote:
>> I do NOT believe that this is off topic for this list
>
> Then can we get a ruling from the list owners/moderators please?
We already have one from Werner Koch. However, that doesn't matter, it IS
off-topic and, as I said, I will not be posting about it again.
From byrnejb at harte-lyne.ca Mon Apr 14 23:03:58 2014
From: byrnejb at harte-lyne.ca (James B. Byrne)
Date: Mon, 14 Apr 2014 17:03:58 -0400
Subject: The bug... More info.
In-Reply-To: <20140414134746.Horde._l0pc9d43-CUjVXGHrZtjg1@mail.sixdemonbag.org>
References: <534C27D4.6030300@comcast.net>
<20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
<534C3A3E.1010603@comcast.net>
<20140414134746.Horde._l0pc9d43-CUjVXGHrZtjg1@mail.sixdemonbag.org>
Message-ID:
On Mon, April 14, 2014 16:47, Robert J. Hansen wrote:
>> how exactly could a private contractor have that level
>> of security clearance, anyway?
>
> The government had a seat that needed filling, they couldn't get the
> seat filled at the paycheck they're legally allowed to offer to a
> direct employee, so they hired a private contractor to fill the role.
> Pretty simple, really.
>
> The government pay rate for someone with a Master's degree and ten
> years of experience hovers around $60,000 per year, incidentally.
> It's shockingly low by the standards of the tech sector.
Not to mention that the U.S. Government, for all intents and purposes, gave up
doing background security checks around 2006 since it could not manage the
backlog. Well, they did not give it up so much as contract it out to a
company that put profit ahead of product and they essentially stopped doing it
on the government's behalf.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
From JPClizbe at tx.rr.com Thu Apr 10 06:16:47 2014
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 09 Apr 2014 23:16:47 -0500
Subject: It's 2014. Are we there yet?
In-Reply-To: <53458A50.2050906@sixdemonbag.org>
References:
<53458A50.2050906@sixdemonbag.org>
Message-ID: <53461B2F.3020205@tx.rr.com>
Robert J. Hansen wrote:
>> The "secure communications" paradigm of course spans a whole spectrum
>> from "I don't give a ****" to "I'll do anything to protect my
>> communications, including giving away my first born". I suspect the
>> "average Joe user" in 2014 is slightly above the former, but way below
>> the latter. Without going to the other end of the spectrum, what will
>> make adoption of secure communications a bit more palatable to the
>> "average Joe user"?
>
> Every year or so this subject comes up, and my answers are unchanged
> from last time: start by reading up on academic papers studying this
> exact problem. For a while John Clizbe and I kept a list of good
> papers, but I have to confess I haven't been keeping up on the latest
> literature. Still, our last list is pretty good reading.
>
> (These selections come from both John and me, but John is the one who
> assembled them into proper cite format -- thanks, John. For the
> original message, see "Re: what is killing PKI?" on this mailing list,
> posted on 24 Aug 2012.)
>
> =====
Oh yeah, THAT thread. There hasn't been much new work that I've seen.
Certainly nothing invalidating any of these.
The list, along with "available from" links:
Gaw, S., Felten, E. W., and Fernandez-Kelly, P. 2006.
Secrecy, flagging, and paranoia: adoption criteria in encrypted email.
In Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (Montreal, Quebec, Canada, April 22 - 27, 2006).
R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and
G. Olson, Eds. CHI '06. ACM, New York, NY, 591-600.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
I would also add
Garfinkel, S. L., Margrave, D., Schiller, J. I., Nordlander, E.,
and Miller, R. C. 2005. How to make secure email easier to use.
In _Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems_ (Portland, Oregon, USA, April 02 - 07, 2005).
CHI '05. ACM, New York, NY, 701-710.
DOI= http://doi.acm.org/10.1145/1054972.1055069
Available at: http://simson.net/ref/2004/chi2005_smime_submitted.pdf
And a perennial favorite:
Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J.
Hyland. Why Johnny Still Can't Encrypt: Evaluating the Usability of
Email Encryption Software. Poster session, 2006 Symposium On Usable
Privacy and Security, Pittsburgh, PA, July 2006.
http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf
And its predecessor:
Alma Whitten and J.D. Tygar. Why Johnny Can't Encrypt: A Usability
Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security
Symposium, Washington, DC, August 1999.
http://bit.ly/OaEeTD
> > Everyone on this mailing list has their own pet theory for why PKI
> > adoption is so lousy. All of us are probably wrong. However,
> > published, peer-reviewed studies of PKI adoption and the forces driving
> > and inhibiting them are probably less wrong.
The peer reviewed literature has many, many, references on this topic.
They're a great place to start when assumptions and pet theories take root.
http://scholar.google.com/scholar?q=email+encryption
++++++++++++
2nd msg: Chatting with Kristen [Fiskerstrand], he pointed me to
Usability of Security: A Case Study. Alma Whitten and J. D. Tygar.
Carnegie Mellon University Computer Science technical report CMU-CS-98-155,
December 1998.
Abstract:
http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA361032
'The unmotivated user property' and 'The abstraction property' are
particularly worth noting and keeping in mind.
-John
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
From rjh at sixdemonbag.org Tue Apr 15 00:51:44 2014
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Apr 2014 18:51:44 -0400
Subject: The bug... More info.
In-Reply-To:
References: <534C27D4.6030300@comcast.net>
<20140414122713.Horde.6CjkoTfBrocTDJW3ttzALw1@mail.sixdemonbag.org>
<534C3A3E.1010603@comcast.net>
<20140414134746.Horde._l0pc9d43-CUjVXGHrZtjg1@mail.sixdemonbag.org>
Message-ID: <534C6680.5060408@sixdemonbag.org>
> backlog. Well, they did not give it up so much as contract it out to a
> company that put profit ahead of product and they essentially stopped doing it
> on the governments behalf.
I was about to not respond, but -- I have this thing about errors of
fact: I want to see them corrected. So yes, this is off-topic, and I
plan on letting this end here.
The USG still does a lot of these, and there are several companies
providing these background check services. USIS, one of the largest
providers, is under investigation for misconduct -- but let's not go
about thinking the entire system has collapsed, or that the USG doesn't
do any of the work itself any more. Neither is true.
From mirimir at riseup.net Tue Apr 15 00:03:12 2014
From: mirimir at riseup.net (Mirimir)
Date: Mon, 14 Apr 2014 16:03:12 -0600
Subject: It's 2014. Are we there yet?
In-Reply-To: <53461B2F.3020205@tx.rr.com>
References:
<53458A50.2050906@sixdemonbag.org> <53461B2F.3020205@tx.rr.com>
Message-ID: <534C5B20.7090307@riseup.net>
On 04/09/2014 10:16 PM, John Clizbe wrote:
> Robert J. Hansen wrote:
>>> The "secure communications" paradigm of course spans a whole spectrum
>>> from "I don't give a ****" to "I'll do anything to protect my
>>> communications, including giving away my first born". I suspect the
>>> "average Joe user" in 2014 is slightly above the former, but way below
>>> the latter. Without going to the other end of the spectrum, what will
>>> make adoption of secure communications a bit more palatable to the
>>> "average Joe user"?
>>
>> Every year or so this subject comes up, and my answers are unchanged
>> from last time: start by reading up on academic papers studying this
>> exact problem. For a while John Clizbe and I kept a list of good
>> papers, but I have to confess I haven't been keeping up on the latest
>> literature. Still, our last list is pretty good reading.
>>
>> (These selections come from both John and me, but John is the one who
>> assembled them into proper cite format -- thanks, John. For the
>> original message, see "Re: what is killing PKI?" on this mailing list,
>> posted on 24 Aug 2012.)
Some of us wonder why Mixmaster nyms never took off, and we consider
Enigmail as the Holy Grail of usability ;)
From florian at florian-wolters.de Tue Apr 15 16:34:30 2014
From: florian at florian-wolters.de (Florian Wolters)
Date: Tue, 15 Apr 2014 16:34:30 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
In-Reply-To:
References: <20140403124204.GB11096@miraculix.wolters.lan>
<533FE41F.4030009@digitalbrains.com>
<20140405135757.GA6302@miraculix.wolters.lan>
Message-ID: <534D4376.4050506@florian-wolters.de>
Hi @ll,
I got one further question regarding the Chipdrive. This device is one
with a pinpad. But currently the PIN is asked on the monitor and to be
entered with the keyboard rather than the pinpad. Can that be associated
with running just "gpg2 --card-status"?
How does GnuPG decide whether to ask for the PIN on screen or to let it
be entered on the pinpad? I had that working when I ran "keytocard" but
I cannot return to this state ...
Regards
Florian
From peter at digitalbrains.com Tue Apr 15 22:06:57 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 15 Apr 2014 22:06:57 +0200
Subject: Chipdrive SPR 532 and OpenPGP Card with 4096Bit RSA Keys
In-Reply-To: <534D4376.4050506@florian-wolters.de>
References: <20140403124204.GB11096@miraculix.wolters.lan>
<533FE41F.4030009@digitalbrains.com>
<20140405135757.GA6302@miraculix.wolters.lan>
<534D4376.4050506@florian-wolters.de>
Message-ID: <534D9161.3010205@digitalbrains.com>
On 15/04/14 16:34, Florian Wolters wrote:
> How does GnuPG decide whether to ask for the PIN on screen or to let it
> be entered on the pinpad?
AFAIK, only the internal CCID driver supports entry on the pinpad, and it is by
default enabled when using the internal CCID driver. However, if you have pcscd
running, I suppose GnuPG will use that. Then the pinpad is not supported.
So: do you have a pcscd running? If you don't need it, stop it, and scdaemon
will use its internal driver.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
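Peter's advice turns on one check: is pcscd running? As an added example (not from the thread and not part of GnuPG), a small POSIX shell script that makes that check against the process table; the pcscd_in_listing helper takes the listing as text so it can also be exercised on a constructed sample, and the 'service pcscd stop' hint it prints is an assumed init-system command that may differ on your distribution.

```shell
#!/bin/sh
# Added example: is pcscd present in the process table? If it is, scdaemon
# will (per Peter's message) go through PC/SC rather than its internal CCID
# driver, and PIN entry on the reader's own pinpad is not available.

# Takes a process listing as text (one command name per line), so the same
# check can be run on live output or on a constructed sample.
pcscd_in_listing() {
    printf '%s\n' "$1" | grep -qx 'pcscd'
}

# Runs the check against the live system and says what to expect from gpg2.
check_pcscd() {
    if pcscd_in_listing "$(ps -eo comm=)"; then
        echo "pcscd is running: scdaemon will likely use PC/SC, so no pinpad entry"
        echo "if you do not need it, stop it (e.g. 'service pcscd stop') and rerun gpg2 --card-status"
        return 1
    fi
    echo "no pcscd found: scdaemon can use its internal CCID driver"
    return 0
}

check_pcscd
```

Run it before and after stopping pcscd; once the second message appears, `gpg2 --card-status` followed by a signing operation should prompt on the pinpad again.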
From mailinglisten at hauke-laging.de Wed Apr 16 16:14:23 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 16 Apr 2014 16:14:23 +0200
Subject: signatures for other people's emails
Message-ID: <1877363.7A8bajizQs@inno>
Hello,
this is not GnuPG-specific, not even crypto-specific in the sense that I
guess no real change to any crypto tool or standard would be necessary.
Technically it's about a new MIME container usage, but crypto-related. I
hope the right people to comment on that are here. Somehow I prefer
getting slammed here over the openpgp working group mailing list...
This idea came from a real experience a few days ago. I am trying to get
crypto usage on a large scale to one of Germany's biggest universities
(FU Berlin). The CS and math departments organize a small (but official)
information event. I give four real courses (unofficial but supported by
the dean; http://crypto.spline.de/). As this is mainly about peer
pressure for the freshman students I wanted to teach some of the Ph.D.
students crypto first. We invited about 30 people, none even reacted.
I was told that this effect was less about the offer itself but more
about the point that this was "one more email from a stranger to a group
of people". I.e. probably not even read by many of them.
That was the example, now the idea:
With a small change to the PGP/MIME standard this would have been
possible: I write the email but do not send it to the intended
recipients but to the dean first. He makes a signature (some easy one-
click feature maybe with a comment) about the email (or about my
signature) and sends it back to me. Then I add his signature to my email
and send it to the recipients. Now this happens: The recipients still
see an email from a stranger to a group of people but now their mail
client tells them that their dean (and maybe even more people) supports
this email.
Of course, you have noticed that a crypto feature does not work in a
mail which shall make people start using crypto but you get the idea.
This would be possible without crypto, too, but I guess too easy to abuse
to be accepted.
I guess it would be enough to replace the signature container by a
multipart container with several signatures. Somehow the real sender
signature would have to be marked (or rather: the support signatures
should be marked as such, either implicitly by being a signature over
the sender signature or explicitly by a notation).
I don't want to be too optimistic but I guess this could be so useful
that it might actually become a reason for the not so small "I have
nothing to hide" group to start using crypto.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From peter at digitalbrains.com Wed Apr 16 18:21:16 2014
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 16 Apr 2014 18:21:16 +0200
Subject: signatures for other people's emails
In-Reply-To: <1877363.7A8bajizQs@inno>
References: <1877363.7A8bajizQs@inno>
Message-ID:
The usual way it works here would be, in your example, for the dean to
send the recipients a message with "Please consider the request in the
attached message", and your message would be attached. That way, it is
the dean who requests something, and the PhD would be inclined to read
it.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From mailinglisten at hauke-laging.de Wed Apr 16 18:37:56 2014
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 16 Apr 2014 18:37:56 +0200
Subject: signatures for other people's emails
In-Reply-To:
References: <1877363.7A8bajizQs@inno>
Message-ID: <1567753.xkBQJNmas7@inno>
On Wed 16.04.2014, 18:21:16, Peter Lebbing wrote:
> The usual way it works here would be, in your example, for the dean to
> send the recipients a message with "Please consider the request in
> the attached message", and your message would be attached. That way,
> it is the dean who requests something, and the PhD would be inclined
> to read it.
That is indeed possible but has disadvantages:
a) It does not work with more than one supporter.
b) The supporter becomes more involved in the communication than he
wants to: He appears as the sender and may receive answers (even bounces
and autoresponders).
c) The real sender does not have the mail in his sent mail archive thus
breaking the usual communication structure. In case of doubt he does not
even know whether the mail has already been sent by the supporter.
d) The same for the recipients: They cannot simply search for a mail
from the real sender.
e) The supporter must handle the recipients in that case. That may be a
complicated procedure; he may not even have all the addresses yet.
I guess you agree that the procedure you suggest is possible but would
be used only due to the lack of something better and not because it was
the best (or even a good) way of doing that.
The practical question is: Would you vote / argue against the
development of such a new feature because of the existing possibilities?
A general remark: Some time ago we had a discussion here about the
future of email. Who's still using it and for what and the like. I think
with this background it makes sense to consider how email can become
better.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
From tux.tsndcb at free.fr Wed Apr 16 17:40:30 2014
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Wed, 16 Apr 2014 17:40:30 +0200 (CEST)
Subject: gnupg smartcard on boot for LUKS on sid debian howto ?
In-Reply-To: <534D9161.3010205@digitalbrains.com>
Message-ID: <1064592255.112549990.1397662830669.JavaMail.root@zimbra33-e6.priv.proxad.net>
Hello Peter,
Actually, I'm on a freshly installed sid Debian; during install I used encrypted LVM volumes for all my partitions except /boot.
So now I have two files like these:
/etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
/dev/mapper/sda5_crypt / btrfs ssd,discard,noatime 0 1
# /boot was on /dev/sda1 during installation
UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /boot btrfs ssd,discard,noatime 0 2
/dev/mapper/sda7_crypt /data btrfs ssd,discard,noatime 0 2
...
and
/etc/crypttab:
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
....
First, I want to add a key.gpg file solution, so at first I want it to ask me for the PIN for the key.gpg file, and if it's wrong or broken, ask me for the usual passphrase.
So could you explain to us, step by step, how to add this key.gpg as a passphrase on an existing encrypted LVM partition, and how to have the GnuPG smartcard activated on boot to decrypt the key.gpg file?
Thanks in advance for your reply.
PS: my GnuPG smartcard actually works fine in a terminal in an X session.
Best Regards
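As an added example (not from the thread and not Debian's documentation), here is what the questioner's goal could look like in /etc/crypttab once a GnuPG-encrypted keyfile has been added as an extra LUKS key slot. The UUIDs are the placeholders used above, /etc/keys/luks-key.gpg is an assumed path, and the keyscript path is the Debian one named later in this thread; fields are name, source, keyfile, options.

```text
# /etc/crypttab   (name  source  keyfile  options)
#
# Root volume: unlocked at boot by the keyscript, which decrypts the
# GnuPG-encrypted keyfile and hands the plaintext key to cryptsetup.
# The original passphrase stays in its own LUKS slot, so if the keyscript
# fails the volume can still be opened by hand, as Thomas describes below:
#   cryptsetup luksOpen /dev/disk/by-uuid/yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy sda5_crypt
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy /etc/keys/luks-key.gpg luks,discard,keyscript=/lib/cryptsetup/scripts/decrypt_gnupg

# Data volume: still opened with the passphrase, no keyscript.
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
```

The keyfile is created by generating random bytes, adding them as a new slot with `cryptsetup luksAddKey` (the existing passphrase is needed once to authorise that), then encrypting the same bytes with `gpg --encrypt` to the keyfile and deleting the plaintext. Whether decrypt_gnupg as shipped can reach scdaemon and the card reader from inside the initramfs, rather than prompting for a passphrase, is an assumption to verify against the keyscript and the initramfs hook before relying on it; the blog post linked later in the thread is where the smartcard part is covered.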
From tim at piratemail.se Wed Apr 16 17:39:15 2014
From: tim at piratemail.se (tim at piratemail.se)
Date: Wed, 16 Apr 2014 11:39:15 -0400 (EDT)
Subject: signatures for other people's emails
Message-ID: <0a6c5f9e-fbc1-6a04-fffb-29fecfbb2b04@piratemail.se>
I'm sure there are more qualified people to answer this, but since I've been staring at pgp-mime for the last few months, I thought I would give a few thoughts.
I believe you are asking, "is it possible to concatenate signatures, to create a new signature block which is then used with pgp-mime."
1. I think this is possible. If the dean signs your content, and you receive his signature, I *believe* that once an implementation gets the signature packet from the signature, it could be added to a signature block. Each signature packet contains the keyid of the signer (if put there), and its own signature type/algorithm/hash/etc. So, I *believe* each signature is independent of every other signature.
In my process of checking a signature, I find the keyId and lookup the keyId for the publicKey. So it doesn't matter who the mail is actually from.
2. An alternative, which you spoke of, I believe, would also work. Where a pgp-mime signature pair, contains a pgp-mime signature pair. So your dean would send you the mail, and you could encapsulate it with your own signature.
The tricky part, of course, would be if any implementation actually facilitates this.
Cheers,
-tim
p.s. Thanks for your help with the pgp-mime previously, -- g at pmx.mooo.com
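Tim's point 1 above, and Hauke's proposal of a container holding several signatures, both rest on signature packets being self-describing: each carries its own version, type, algorithms and issuer key ID, so concatenating them loses nothing. As an added example, not code from the thread or from GnuPG, here is a small Python parser that walks a block of concatenated OpenPGP signature packets (RFC 4880 framing) and lists each signer. The two packets it parses are constructed skeletons with placeholder key IDs, dummy hash bytes and a dummy MPI; they have valid framing but are not real signatures.

```python
import struct

# Added example, not GnuPG's code: just enough RFC 4880 framing to show that
# signature packets are independent and can simply be concatenated.
SIG_TAG = 2                 # packet tag of a signature packet
SUBPKT_CREATION_TIME = 2    # signature creation time subpacket
SUBPKT_ISSUER = 16          # issuer key ID subpacket


def _encode_len(n):
    """New-format packet/subpacket length (RFC 4880 4.2.2 and 5.2.3.1)."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _decode_len(buf, pos):
    """Inverse of _encode_len; returns (length, position after the length)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not valid for signature packets")


def build_v4_signature(sig_type, issuer_keyid_hex, created, dummy_mpi=b"\x00\x10\x2a\x2b"):
    """Constructed v4 signature packet: real framing, placeholder hash and MPI."""
    def subpacket(sub_type, body):
        return _encode_len(len(body) + 1) + bytes([sub_type]) + body

    hashed = subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", created))
    unhashed = subpacket(SUBPKT_ISSUER, bytes.fromhex(issuer_keyid_hex))
    body = (bytes([4, sig_type, 1, 8])                  # v4, type, RSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x12\x34"                               # left 16 bits of hash (dummy)
            + dummy_mpi)                                # MPI: bit length, then value
    return bytes([0xC0 | SIG_TAG]) + _encode_len(len(body)) + body


def _parse_subpackets(buf):
    """Map subpacket type -> body for one subpacket area."""
    pos, found = 0, {}
    while pos < len(buf):
        length, pos = _decode_len(buf, pos)
        found[buf[pos] & 0x7F] = buf[pos + 1:pos + length]   # bit 7 = critical flag
        pos += length
    return found


def parse_signature_block(data):
    """Walk concatenated new-format signature packets; one dict per packet."""
    sigs, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0xC0 != 0xC0:
            raise ValueError("expected a new-format OpenPGP packet header")
        tag = hdr & 0x3F
        length, pos = _decode_len(data, pos + 1)
        body, pos = data[pos:pos + length], pos + length
        if tag != SIG_TAG:
            raise ValueError(f"unexpected packet tag {tag} in signature block")
        if body[0] != 4:
            raise ValueError(f"unsupported signature version {body[0]}")
        hashed_len = struct.unpack(">H", body[4:6])[0]
        hashed = _parse_subpackets(body[6:6 + hashed_len])
        p = 6 + hashed_len
        unhashed_len = struct.unpack(">H", body[p:p + 2])[0]
        unhashed = _parse_subpackets(body[p + 2:p + 2 + unhashed_len])
        issuer = hashed.get(SUBPKT_ISSUER) or unhashed.get(SUBPKT_ISSUER)
        created = hashed.get(SUBPKT_CREATION_TIME)
        sigs.append({
            "type": body[1], "pubkey_alg": body[2], "hash_alg": body[3],
            "issuer": issuer.hex().upper() if issuer else None,
            "created": struct.unpack(">I", created)[0] if created else None,
        })
    return sigs


def issuers(block):
    """Key IDs of every signer in the block, in order."""
    return [s["issuer"] for s in parse_signature_block(block)]


# Constructed sample: the sender's signature and the dean's support signature,
# with placeholder key IDs, simply joined into one block.
SENDER_SIG = build_v4_signature(0x00, "0123456789ABCDEF", 1397664000)
DEAN_SIG = build_v4_signature(0x00, "FEDCBA9876543210", 1397667600)
COMBINED = SENDER_SIG + DEAN_SIG
```

Parsing COMBINED yields two entries with different issuers and creation times, which is what lets a mail client attribute each signature separately. Hauke's "mark the support signatures" requirement could ride on the same subpacket walk: a notation data subpacket (type 20 in RFC 4880) in the supporter's signature would surface from _parse_subpackets just like the issuer does.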
From mwood at IUPUI.Edu Wed Apr 16 19:28:02 2014
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Wed, 16 Apr 2014 13:28:02 -0400
Subject: signatures for other people's emails
In-Reply-To: <1567753.xkBQJNmas7@inno>
References: <1877363.7A8bajizQs@inno>
<1567753.xkBQJNmas7@inno>
Message-ID: <20140416172802.GC32102@IUPUI.Edu>
I also thought it would be preferable just to pass the message through
the person whose prestige would, if lent, get you a reading. The
problem with having the message come from an unknown is that it is
coming from an unknown. If the message is not opened, it doesn't
matter whose signatures are on it, because they will not be seen. So,
I don't think that multiple signatures addresses the original problem
at all.
However, there are uses for documents which must bear multiple
signatures from *known* individuals or roles, and being able to
present all of those signatures as a set, rather than having them
scattered through layers of MIME frosting, would be valuable to some.
OTOH some types of multiple signature may require "signature over
signature": a signed document contained in another signed document,
so that the outer signature attests that at the time it was made, the
inner document bore a specific signature. It may be possible to
compress the structure if there were defined signature types for these
uses, so that one knows (for example) to include all of the foregoing
signatures in the text to be validated.
--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
From tux.tsndcb at free.fr Wed Apr 16 22:19:28 2014
From: tux.tsndcb at free.fr (tux.tsndcb at free.fr)
Date: Wed, 16 Apr 2014 22:19:28 +0200 (CEST)
Subject: gnupg smartcard on boot for LUKS on sid debian howto ?
In-Reply-To:
Message-ID: <264630471.113417177.1397679568591.JavaMail.root@zimbra33-e6.priv.proxad.net>
Hello,
Thanks for your answer. I've already seen your article and I asked myself many questions.
But in my case I've already got an encrypted LVM partition with a passphrase, so can I just generate a key.txt file, encrypt it with my GnuPG key and add it to the crypttab file:
/etc/crypttab:
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy /etc/gpg_luks/luks-key.txt none luks,keyscript=/usr/local/sbin/decrypt_luks.sh
sda5_crypt UUID=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy none luks,discard
crypto /dev/sda2 none luks,keyscript=/usr/local/sbin/decrypt_luks.sh
sda7_crypt UUID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx none luks,discard
But in the Debian case, it seems that I need to use /lib/cryptsetup/scripts/decrypt_gnupg, but I don't really have an example of that.
Best Regards
----- Original Message -----
From: "Thomas Harning Jr."
To: "tux tsndcb"
Cc: "Peter Lebbing" , gnupg-users at gnupg.org
Sent: Wednesday 16 April 2014 21:32:22
Subject: Re: gnupg smartcard on boot for LUKS on sid debian howto ?
I believe this blog article could be a useful reference:
https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu/
This happens to work beautifully w/ the Yubikey NEO and the GPG Applet
The article does omit any backup measures, so I added a separate long passphrase to use in the backup case - but to use it requires the initial boot UI to fail and I manually unlock the volumes and resume boot w/o the gnupg unlock.
On Wed, Apr 16, 2014 at 11:40 AM, < tux.tsndcb at free.fr > wrote:
Hello Peter,
Actually, I'm on a freshly installed sid Debian; during install I used encrypted LVM volumes for all my partitions except /boot.
So now I have two files like these:
/etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#